Suspicious Network Activity - IDS
ET HUNTING Suspicious EXE Download Content-Type image/jpeg
These detections identify suspicious activity from network sessions evaluated by Insight Network Sensor.
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Adobe PKG Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO ARM File Requested via WGET (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Flowbit set for POST to Quicken Updater
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO GET Minimal HTTP Headers Flowbit Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO IE7UA No Cookie No Referer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO maas.io Image Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO McAfee AV Download (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO McAfee AV Download - Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (exe) unset (no exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (msi) unset (no exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (msp) unset (no exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (no .exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request to Dotted Quad
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible WinHttpRequest (no .exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Symantec Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO User-Agent (wininet)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Windows Update/Microsoft FP Flowbit
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO ZoneAlarm Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (bigtopweb .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (infinitysoftwares .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (bigtopweb .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (infinitysoftwares .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] PS/PowDesk Checkin (APT34)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 44Calibar Variant Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 44 Caliber Stealer Data Exfil via Discord
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (bigudp)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (dns)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (stop)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (syn)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Likely Shylock/URLzone/Gootkit/Zeus Panda C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Activity related to APT.Seinup Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Agent.BAAB Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AgentTesla Communicating with CnC Server
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AgentTesla PWS HTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK/BKDR_HTV.ZKGD-A CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK.CREDSTEALER.A CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK.CREDSTEALER.A CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK.CREDSTEALER.A MalDoc Retrieving Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alfa/Alpha Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Alina Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alina Server Response Code
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alina User-Agent(Alina)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alman Dropper Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AlphaCrypt CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt CnC Beacon 5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt CnC Beacon 6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt Connectivity Check 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Alureon Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Amadey CnC Check-In
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Amadey Stealer CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Amadey Stealer CnC - BotKiller Module Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Android/AhMyth RAT Init Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Android/AhMyth RAT WebSocket Session
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Android/FakeKakao checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Checkin Dec 29 2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Check-in Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Downloading Module
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AntiVirus exe Download Likely FakeAV Install
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AntSword Webshell User-Agent Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AnubisNetworks Sinkhole HTTP Response - 195.22.26.192/26
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Anuna PHP Backdoor Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Anuna PHP Backdoor Sucessful Exploit
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ApolloLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ApolloLocker Ransomware CnC Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE AppleJeus - JMT Trading CnC Activity (OSX Variant)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - JMT Trading CnC Activity (Windows Variant)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - Kupay Wallet CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - Union Crypto CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT15/NICKEL KETRUM CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT15/NICKEL Related CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT1 WEBC2-UGX Related Pingbed/Downbot User-Agent (Windows+NT+5.x)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 SEDNIT Variant CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28/SkinnyBoy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/SkinnyBoy Payload Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant Downloader Error POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Secondary Payload CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 Uploader Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 Uploader Variant Fake Request to Google
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 Zebrocy/Zekapab Reporting to CnC M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Cache_DLL SSL Cert
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Implant8 - Evil Twitter Callback
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Implant8 - MAL_REFERER
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29/Wellness CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif POSTing Log Message to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif Requesting Command from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif Submitting Output of Command to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten Encrypted Payload Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten Retrieving New Payload (flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT34 Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT34 TONEDEAF 2.0 Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT34 TONEDEAF 2.0 Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT39/Chafer Payload - CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT39/Chafer Payload - CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT.Agtid callback
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Backspace CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT/Bitter Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/Bitter Related Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT-C-23 Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT-C-23 Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT-C-48 Related Activity Retrieving ConsoleHost (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Cheshire Cat CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT/Donot Group Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/FamousSparrow Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT.Fwits CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT.Fwits CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT Hellsing Proxy Checker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Lazarus Nukesped Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Lurker POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT Mustang Panda Payload - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT_NGO_wuaclt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT_NGO_wuaclt C2 Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Operation Sidecopy lnk Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT OSX.XSLCmd CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT Related - BLACKCOFFEE Command Delimiters in HTTP Response M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Related - BLACKCOFFEE Command Delimiters in HTTP Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/TransparentTribe CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/TransparentTribe Style Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arbitrium-RAT CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arbitrium-RAT Observed User-Agent (JustKidding)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArcDoor Intial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArcDoor User-Agent (ALIZER)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ares Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Gopher Related User-Agent (aimxxhwpcc)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Advtravel Campaign GET Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checking filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Exfiltrating files
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT File information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (SK)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (Skype)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (Skypee)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Transmitting Date
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Transmitting Serial
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AridViper CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arkei Stealer Config Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arkei Stealer IP Lookup
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ARM Binary Requested via WGET to Known IoT Malware Domain
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArrobarLoader CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArtraDownloader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArtraDownloader/TeleRAT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ASNAROK Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ASNAROK Related Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asprox Data Post to C&C
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asprox Form Submission to C&C
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asterope Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AstroBot CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Athena DDoS Bot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Atya Dropper Possible Rootkit - HTTP GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aura Ransomware User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Aurora/OneKeyLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Aurora Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE AutoHotkey Downloader Checkin via IPLogger
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AutoHotKey offthewall Downloader Requesting Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo C2 Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo C2 Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Avzhan DDoS Bot User-Agent MyIE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult Variant.4 Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Babar POST Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Babax Stealer Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BabyShark CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BACKCONFIG CnC Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Darpapox/Jaku Initial C2 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Egobot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Elise CnC Beacon 1 M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 2 M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 3 M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 3 M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise Style IP Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Elise Style IP Check M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Esion CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Graybird Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Irc.MFV User Agent Detected (IRC-U)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor Lanfiltrator Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Meciv Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.TurlaCarbon.A C2 HTTP Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Agent.bjjv Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Agent.myttae User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Aldibot.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Aldibot.A User-Agent (Aldi Bot)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Etumbot.B Requesting RC4 Key
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Ixeshe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Likseput.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Momibot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Momibot Ping Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/PcClient.AA Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.PEx.942728546 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Pushdo.s Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Pushdo.s Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.RShot HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Get Config Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Put
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Trup.CX Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Xtrat Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backoff POS Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BackSwap Trojan C2 Domain Observed (debasuin .nl in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BadPatch CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BadRabbit Ransomware Activity Via WebDAV (cscc)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BadRabbit Ransomware Activity Via WebDAV (infpub)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Baldr Stealer Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BalkanDoor CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BalkanDoor CnC Checkin - Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Headers - Likely CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bancos/Banker Info Stealer Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BandarChor/CryptON Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BandarChor Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Banker.anv Generally Suspicious User-Agent (CustomExchangeBrowser)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker/Banbra Related HTTP Post-infection Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker/Banbra Variant POST via x-www-form-urlencoded
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (hhh)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (Ms)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (Mz)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (MzApp)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (WINDOWS_LOADS)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker PWS/Infostealer HTTP GET Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker Trojan (General) HTTP Checkin (vit)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banking Trojan HTTP Cookie
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload HTTP Checkin Detected (envia.php)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload POST Checkin (dados)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload User-Agent Detected (ExampleDL)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaBackdoor Variant CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaLoader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaLoader CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bazaloader Variant Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bazaloader Variant Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BBSRAT GET request CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BBSRAT POST request CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bebloh connectivity check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep Connectivity Check M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep Connectivity Check M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep HTTP POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BePush/Kilim CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BePush/Kilim payload retrieval
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BestAntivirus2011 Fake AV reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Betabot Checkin 5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BF Botnet CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bifrose/Cycbot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bifrose/Cycbot Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BigLock Ransomware CnC Activity (id)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BIOPASS RAT Go Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BIOPASS RAT Python Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bitcoin variant Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bitter APT Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BITTERBUG Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bitter RAT HTTP CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bitter RAT HTTP CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving New Malware From Server
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving Server IP Addresses
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Server Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BKDR_SLOTH.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackbeard Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackenergy Bot Checkin to C&C
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackenergy Bot Checkin to C&C (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy POST Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy v2 POST Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy v2.x HTTP Request with Encrypted Variables
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy v2.x Plugin Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Black KingDom Ransomware Related Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BlackMatter CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackmoon/Banbra Configuration Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackmoon/Banbra Configuration Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackshadesRAT Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackTech Plead Encrypted Payload Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blaze/Supreme Bot Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blaze/Supreme Bot Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BleachGap Ransomware Checkin (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Blue Bot DDoS Blog Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blue Bot DDoS Logger Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blue Bot DDoS Proxy Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blue Bot DDoS Target Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bolek HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Book of Eli CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bookworm CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bookworm CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bossabot DDoS tool RFI attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bot Backdoor Checkin/registration Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BOUNCEBEAM Backdoor CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bravix Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brazilian Banker SSL Cert
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bredolab CnC URL Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bredolab Downloader Communicating With Controller (1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BroBot POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brontok/Joseray User-Agent Detected (Joseray.A3 Browser)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brontok User-Agent Detected (Brontok.A3 Browser)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brontok User-Agent Detected (Rivest)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BrushaLoader CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer - DomainInfo User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Successful Payload Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Update Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Update Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BUILDINGCAN CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buran Ransomware Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Buran Ransomware Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BYOB - Python Backdoor Loader Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BYOB - Python Backdoor Stager Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bzub2 Related RPC/Http Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE C3Pool CoinMiner Setup Script Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Campo Loader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Capfire4 Checkin (register machine)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE carberp check in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Carberp checkin task
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Carberp CnC request POST /set/task.html
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Carberp file download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Casbaneiro CnC Host Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cashout Proxy Bot reg_DST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cayosin Botnet User-Agent Observed M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cayosin Botnet User-Agent Observed M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CBeplay Downloading Design
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CBReplay Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CBReplay.P Ransomware
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CenterPOS CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CenterPOS Delete Plugins
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CenterPOS Load Plugins
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CerberTear Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ChaChi RAT Client CnC (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ChaChi RAT Client CnC (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ChaChi RAT Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chafer Win32/TREKX Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chafer Win32/TREKX Uploading to CnC (Modified CAB)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ChaseBot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (command)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (file)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (hello)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (result)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic CnC Beacon 5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Chthonic CnC Beacon 6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Citadel Activity POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Citadel Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cknife Shell Command Struct Inbound (aspx)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cknife Shell Command Struct Inbound (PHP)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Click Fraud Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ClipBanker Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Clipsa Stealer - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Clipsa Stealer - Coinminer Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Clipsa Stealer - Exfiltration Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CloudAtlas APT Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cloud Atlas CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CNRarypt Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cnzz.cn Related Dropper Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt STrike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Beacon Activity (UNC2447)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (UNC2447)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Amazon Profile) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Bing Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Custom Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Observed (MASB UA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike C2 Profile (news_indexedimages)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 (Adobe RTMP)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (JPEG)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (PNG)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (RIFF)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 (Custom)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Custom)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Custom Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Havex APT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (jquery Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Magnitude EK)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Meterpreter)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Microsoft Update GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (MSDN Query Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 OCSP Profile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (OneDrive)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (bg)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (btn_bg)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (extension.css)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (__session__id Cookie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile wordpress_ Cookie Test
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (QiHoo Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (TrevorForget Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Webbug Profile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Related Activity (GET)
Description
This detection identifies malware related activity using Rapid7’s Network Traffic Analysis sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cohhoc RAT CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoinVault CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CoinVault CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CoinVault POST M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CollectorStealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Comfoo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Comfoo Outbound Communication
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CommentCrew downloader without user-agent string exe download without User Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CommentCrew Possible APT backdoor download logo.png
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Access Count Tracking URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Count Tracking URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Count Tracking URL (partner)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (farfly checkin)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (pid - mac)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (wmid - ucid)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Trojan HTTP GET Logging
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre Header Structure 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre Header Structure 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre URI/Headers Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Zbot EXE filename Dec 09 2013
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE COMRAT CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Conficker/KernelBot/MS08-067 related Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ConstructorWin32/Agent.V
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE contacy.info Trojan Checkin (User agent clk_jdfhid)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cookies/Cookiebag Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Module Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Module Download 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Requesting Module
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoreDn CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoreDn CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Covenant Framework HTTP Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyCar CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyCar V2 CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyDuke APT HTTP GET CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyDuke APT HTTP POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Criptobit/Mobef Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CROSSWALK CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cryptojoker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cryptolocker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoLocker EXE Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoLuck / YafunnLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CryptoPatronum Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CryptoShield Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cryptowall 2.0 DL URI Struct Oct 2 2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall Check-in M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall CryptoWall 3.0 Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Curso Banker Downloading Modules
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CyberGate RAT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CyberGate RAT User-Agent (USER_CHECK)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cyborg Ransomware - Downloading Desktop Background
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cycbot POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE D1onis Stealer Sending Data to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Initial Macro Execution
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Payload Execution
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Payload Extraction
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Daemonize.ft HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dalexis CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dalexis Downloading EXE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot Associated Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot UA Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkGate CNC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkGate CnC Requesting Data Exfiltration from Bot
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (globalnetworkissues .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (kubecloud .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (lcomputers .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (seobundlekit .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (solartrackingsystem .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (webcodez .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (globalnetworkissues .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (kubecloud .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (lcomputers .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (seobundlekit .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (solartrackingsystem .net)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (webcodez .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkHotel Downloader CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Downloader CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Initial Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Payload Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Darkness DDoS Bot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Databack CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DATA-BROKER BOT Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Datoploader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Datoploader Activity M2 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRAT Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M11
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M12
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M13
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat Initial CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ddex Loader Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet CnC Job Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet CnC Slave POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet Miner Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin via HTTP
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DeathStalker/Janicab CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DeathStalker/Powersing CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DecebalPOS User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DecryptmyFiles Ransomware CnC (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE DEEP PANDA Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DEEP PANDA Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DEEP PANDA Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Delf Checkin via HTTP (5)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Delphi Trojan Downloader User-Agent (JEDI-VCL)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Densmail.com Related Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer-715 Install Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer.MC(vf) HTTP Request - Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer.Trojan Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DiamondFox HTTP Post CnC Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Ext Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Ignore Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Key Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Landing Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Priority Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Register M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Register M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Services Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Wipe Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol HTTP Cookie Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DirectsX CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DirtJumper Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DistTrack/Shamoon CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DistTrack/Shamoon CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE D-Link ShareCenter (DNS-320/325) RCE (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DLoader File Download Request Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DMSpammer HTTP Post Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSpionage Commands Embedded in Webpage Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSpionage Requesting Config
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Domen SocEng Redirect - Landing Page Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonBot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donkeyp2p Update Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donot (APT-C-35) Stage 1 Requesting Main Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donot (APT-C-35) Stage 1 Requesting Persistence Setup File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Pult Downloader Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Template Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dooptroop CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dooptroop Dropper Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dorkbot GeoIP Lookup to wipmania
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dorkbot Loader Payload Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dosenjo/Kvadr Proxy Trojan Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downadup/Conficker A or B Worm reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downeks Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downeks Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Downloaded .bat Disables Real Time Monitoring
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloaded .bat Disables Windows Defender
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloaded Script Disables Firewall/Antivirus
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader-5265/Torpig/Anserin/Sinowal Unique UA (MSID)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Banload2.KZU Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Banload2.KZU Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DownloaderExchanger/Cbeplay Variant Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader General Bot Checking In - Possible Win32.Small.htz related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader General Bot Checking In via HTTP Post (bot_id push)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader (P2P Zeus dropper UA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Adload (KaiXin Payload) Config Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Banload Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Geral Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader Win32.Small.agoy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Small CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dridex Base64 Executable
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex/Bugat/Feodo Cookie
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users<username>\Application Data\kb208351.exe C:\Users<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key that will start an executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.
ET MALWARE Dridex/Bugat/Feodo GET Checkin
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users<username>\Application Data\kb208351.exe C:\Users<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key that will start an executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.
ET MALWARE Dridex/Bugat/Feodo POST Checkin
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users<username>\Application Data\kb208351.exe C:\Users<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key that will start an executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.
ET MALWARE Dridex CnC Request - Spam/Worm Component
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex CnC Request - Spam/Worm Component
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex DL Pattern Feb 18 2016
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex POST Checkin
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex Post Check-in Activity
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex POST Retrieving Second Stage
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex v2 POST Checkin
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Driveby Exploit Attempt Often to Install Monkif
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Driveby Loader Request List.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Drop.Agent.bfsv HTTP Activity (UsER-AgENt)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dropper Checkin 2 (often scripts.dlv4.com related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dropper Checkin (often scripts.dlv4.com related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Binary Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Binary Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Domain (ahgwqrq .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Encoded Binary - Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dumador Reporting User Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DustySky CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DustySky Payload Link Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyre CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Ex-filtrating Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Fake Server Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Done
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Started
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/DarkStealer Variant CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/DarkStealer Variant CnC Exfil M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/Mist Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ElectroRAT CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/AbcBot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/AbcBot Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF_BASHLITE.SMB Dropping Files
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Chacha.DDoS/Xor.DDoS Stage 2 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/DarkNexus User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Kinsing Payload Request M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Kinsing Payload Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/LiLocked Ransom Note in HTTP Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/MachO.Netwire Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mayhem Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Loader Activity M1 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Loader Activity M2 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai User-Agent Observed (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Cakle)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Damien)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Hentai)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (lessie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (muhstik)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Rift)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Shaolin)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Solar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Tsunami)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Yakuza)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Yowai)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Cakle)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Damien)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Hentai)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (lessie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (muhstik)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Ouija_x.86)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (ph0ne)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Rift)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Shaolin)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Solar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Tsunami)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Yakuza)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Yowai)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/muBoT User-Agent (I’m a mu mu mu ?)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Attempting to Download Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Bot Reporting Vulnerable Server to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Scanner Module Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/RedXOR CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/RedXOR CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/TooEasy Miner CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Win32 Lucky Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ELF/Win32 Lucky Ransomware Encryption Process Started
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE EMAIL SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Certificate Observed M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Emotet CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Emotet Post Drop C2 Comms M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet v2 Exfiltrating Outlook information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Wifi Bruter Module Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enfal CnC GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enfal CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enigma Locker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [eSentire] Cobalt Strike Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [eSentire] VBS Retrieving Malicious Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ESPecter Bootkit Initialization Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ETag HTTP Header Observed at CNCERT Sinkhole
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EtumBot Ping
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EtumBot Registration Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EUPUDS.A Requests for Boleto replacement
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil Google Drive Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil Monero Cryptocurrency Miner Request Pools
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evilnum Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Checkin Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Client Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Client Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Client Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Error Report
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil PDF Retrieving Emotet Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer Retrieving CnC Information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Executable Download Purporting to be JavaScript likely 2nd stage Infection
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EXE Download When Server Claims To Send Audio File - Must Be Win32
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Exorcist 2.0 Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE FaceBook IM & Web Driven Facebook Trojan Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKBEN Ransomware
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE FAKE AOL SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Check-in purporting to be MSIE with invalid terse HTTP headers
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAvCn-A Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAvCn-A Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.dfze/FakeAV!IK Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake AV Downloader.Onestage/FakeAlert.ZR User-Agent (AV1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.EGZ Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.EGZ Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV FakeSmoke HTTP POST check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake AV GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE AV HTTP CnC Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Install
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Landing Page
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Landing Page (aid sid)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV oms.php Data Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV security_scanner.exe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV User-Agent XML
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FakeAV Win32/Antivirus2008 CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Faked Russian Opera UA without Accept - probable downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Google Chrome Notifications Installer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake IBM SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKEIE Minimal Headers (flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Opera 8.11 UA related to Trojan Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE/ROGUE AV/Security Application Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake/Short Google Search Appliance UA Win32/Ranbyus and Others
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Variation of Mozilla 4.0 - Likely Trojan
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Virtually SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Windows Scam ScreenLocker
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE YAHOO SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeYak or Related Infection Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fareit/Pony Downloader Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fareit/Pony Downloader Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Farfli HTTP Checkin Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fasec/FakeAV Alert/Keylogger/Dropper/DNSChanger Possible Rootkit - HTTP GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS RAM Scraper Sending Details
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Reporting Error Code
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Sending Keystrokes
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Sending Status Logs
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Software Update Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Successful Software Update Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Version Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FBot Downloader Generic GET for ARM Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Felismus CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Felismus CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FF-RAT Stage 1 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FighterPOS CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FighterPOS CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Fileless infection dropped by EK CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Filename explorer.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename hkcmd.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename server.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename svchost.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN12 Related ICECANDLE/Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FIN12 Related WEIRDLOOP/Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FIN12 Related WHITEDAGGER/Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FIN6 StealerOne CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Variant Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Variant Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FindPOS Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FinSpy Related Flash Installer Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FinSpy Related WinRAR Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.BEACON M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (databasegalore .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (incomeupdate .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (panhardware .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (zupertech .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to avsvmcloud .com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to deftsecurity .com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to digitalcollege .org
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to freescanonline .com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to thedoccloud .com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to virtualdataserver .com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (avsvmcloud .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (deftsecurity .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (digitalcollege .org)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (freescanonline .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (highdatabase .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (thedoccloud .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (virtualdataserver .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (websitetheme .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (databasegalore .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (deftsecurity .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (freescanonline .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (highdatabase .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (incomeudpate .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (panhardware .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (thedoccloud .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (websitetheme .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (zupertech .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] PULSECHECK Webshell Access Outbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FlashBack Mac OSX malware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FoggyWeb Backdoor Incoming Request (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FoggyWeb Backdoor Incoming Request (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Formbook 0.3 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FormBook CnC Checkin (POST) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FortDisco Reporting Status
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRat check-in (Data)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRat check-in (Yuok)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRatReporter check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRAT Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRAT Downloader Error Report POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRat WebSocket Request M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRat WebSockets Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FraudLoad.aww HTTP CnC Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fraudload/FakeAlert/FakeVimes Downloader - POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop UA LETITGO
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop UA single
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fruspam polling for IP likely infected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FTCode Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FTCode Stealer Init Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fullspace.cc or Related Checkin (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fullz House Credit Card Skimmer Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fullz House Credit Card Skimmer JavaScript Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gaboc Trojan Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Galock Ransomware Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Gamania Trojan Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Maldoc Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon/Armageddon Activity (Retrieving Remote .dot)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon/Armageddon CnC Activity (Sending Windows System Information)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon File Stealer POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon MalDoc CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related VBS Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Style MalDoc .dot Download on freedynamicdns .org
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamarue/Andromeda Downloading Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gameredon Loader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamut Spambot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamut Spambot Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GandCrab Style External IP Check (Spoofed Yahoo Host)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GanDownloader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gasket CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gasket Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gasket Submitting Logs to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gatak CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gazer HTTP POST Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Related Downloader User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Banker.PWS POST Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Downloader Checkin URL (GUID+)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Trojan Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Win32 Backdoor Checkin POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Win32 Backdoor Checkin POST Packet 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic - 8Char.JAR Naming Algorithm
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic .bin download from Dotted Quad
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Bot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Checkin - MSCommonInfoEx
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Downloader checkin (3)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Downloader Checkin - HTTP GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Downloader - HTTP POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Dropper/Clicker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Dropper Installing PUP 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Dropper Installing PUP 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic gate .php GET with minimal headers
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GENERIC Likely Malicious Fake IE Downloading .exe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic.Malware.SFL User-Agent (Rescue/9.11)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Password Stealer User Agent Detected (RookIE)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic -POST To file.php w/Extended ASCII Characters
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic - POST To .php w/Extended ASCII Characters
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Request to gate.php Dotted-Quad
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Spambot (often Tibs) Post-Infection Checkin (justcount.net likely)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Trojan Checkin (UA VBTagEdit)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Trojan with /? and Indy Library User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Win32.Autorun HTTP Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Genome User-Agent (Http Down)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Geocon CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georbot checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georbot initial checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georbot requesting update
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georgian Targeted Attack - Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GET to Google with specific HTTP lib likely Cycbot/Bifrose/Kryptic checking Internet connection
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gimemo Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GlitchPOS CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Glupteba CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Go/Anubis CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoBrut/StealthWorker Requesting Brute Force List (flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoBrut/StealthWorker Service Bruter CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoBrut/StealthWorker Service Bruter CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Godlua Backdoor Downloading Encrypted Lua
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Go/Hack Browser Data Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoLang Discord Token Grabber Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoldenSpy CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoldenSpy CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gootkit Checkin User-Agent 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Go/PSW.Agent_AGen.A Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GORGON APT Download Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GORGON APT Download Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi/BlackNet Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi check-in / update
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi Communication 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi/Ursnif/Papras Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi/Ursnif/Papras Grabftp Module Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Grandoreiro CnC Activity (vbs)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Grandoreiro Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GreenDou Downloader User-Agent (hello crazyk)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gulpix/PlugX Client Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE H1N1 Loader CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE H1N1 Loader CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE HabitsRAT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE hacker87 checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Android Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Elite Windows Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Scout Windows Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HackTool.Linux.SSHBRUTE.A Haiduc Initial Compromise C2 POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hades APT Downloader Attempting to Retrieve Stage 2 Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hangover Campaign Keylogger 2 checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hangover Campaign Keylogger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hangover related campaign Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hangover related campaign Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Harvester Group Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Havex RAT CnC Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Havex RAT CnC Server Response HTML Tag
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HAWKBALL CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HAWKBALL CnC Initial Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HAWKBALL CnC Sending System Information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Haxdoor Reporting User Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Haxdoor Reporting User Activity 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HB_Banker16 Get
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HiddenTears Ransomware Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Higaisa CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Higaisa CnC (ipconfig)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Higasia CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HighTide trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hiloti loader installed successfully request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hiloti loader requesting payload URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hiloti/Mufanom Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hitpop.AG/Pophot.az HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hoax.Win32.BadJoke/DownLoader1.57593 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HompesA Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTA.BabyShark Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTA.BabyShark HTTP Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTML/Xbash Hex Encoded PowerShell Args Inbound - Stage 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTML/Xbash Hex Encoded PS WebClient Object Inbound - Stage 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTML/Xbash Hex Encoded WScript.Shell Inbound - Stage 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Andromeda File Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Connection To Known Sinkhole Domain sinkdns.org
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPCore CnC Tasking File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPCore CnC Task Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPCore CnC Task Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Request for Possible ELF/LiLocked Ransomware Note
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE HTTP Request to a *.pw domain with direct request/fake browser (multiple families flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Request to a *.su domain with direct request/fakebrowser (multiple families flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPTool User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon.DF Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon URL Infection Checkin Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon User Agent Detected (??)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon User Agent Detected (RAV1.23)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon User Agent Detected (VIP2007)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HYDSEVEN VBS CnC Host Information Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID CnC Domain in SSL/TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE IcedID CnC Domain in SSL/TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE IcedID CnC Domain in SSL/TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE IcedID/Emotet Certificate Observed M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID Observed Domain (loadfreeman .casa in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID WebSocket Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ICEFOG JAVAFOG JAR checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ICEFOG-P Variant CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ICEFOG-P Variant CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IceRat Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IceRat CnC Acitivty M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE iebar Spyware User Agent (iebar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IIStealer Inbound Exfil Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IIStealer Inbound Exfil Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Illusion Bot (Lussilon) Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent IAMDDOS
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent kav
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent STORMDDOS
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent YTDDOS
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound JasperLoader Using Array Push Obfuscation
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound MonetizeUs/LNKR Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound PowerShell Executing Base64 Decoded VBE from Temp 2018-11-29
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound PowerShell Saving Base64 Decoded Payload to Temp M1 2018-11-29
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound PowerShell Saving Base64 Decoded Payload to Temp M2 2018-11-29
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inception APT malware
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Incorrectly formatted User-Agent string (dashes instead of semicolons) Likely Hostile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IndigoZebra APT BoxCaon DropBox Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IndigoZebra APT xCaon/Textpadx Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE indux.php check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE InfoBot Sending LAN Details
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE InfoBot Sending Machine Details
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Bancos ProxyChanger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Banprox Proxy.pac Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Jackpos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Jackpos Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Mysayad Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Mysayad Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Instagram Like Bot (like4u) CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Instagram Like Bot (like4u) CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Internet Protection FakeAV checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IOS.Oneclickfraud HTTP Host
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IP Grabber CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IrcBot Downloading .old
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IrcBot Fantasy Name Gen
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ironhalo CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Iron/Maktub Locker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ISMAgent CnC Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ISRStealer Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IsSpace/Zacom Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ixeshe/Mecklow Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ixeshe/Mecklow Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IXWARE Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JackPOS XOR Encoded HTTP Client Body (key AA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jadtree Downloader rar
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jaff Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Jaff Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Jaff Ransomware Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE JAR/Qealler Stealer HTTP Headers Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasmin Ransomware C2 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE JasperLoader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Java Archive sent when remote host claims to send an image
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Java Download non Jar file
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Java/QRat Retrieving PE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JavaScriptBackdoor HTTP GET CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Javascript Click and Removal of Download Element
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Javascript Displays malicious download page
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JAWS Webserver Unauthenticated Shell Command Execution
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jembot PHP Webshell (file upload)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jembot PHP Webshell (system command)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE jFect HTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Joanap CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jorik FakeAV GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Agent.NZH CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/HTA Downloader Behavior M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS.InfectedMikrotik Injects Domain Observed in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting EXE payload 2015-10-07
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting EXE payload 2015-11-02
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting PDF payload 2015-10-07
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting PDF payload 2015-11-02
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2015-12-01
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-01-28
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-02-06
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-03-31
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Ostap CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Ostap Maldoc Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JsOutProx CnC Activity - Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JsOutProx CnC Activity - Outbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JsOutProx Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/RAA Ransomware check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE JS/Skimmer Inbound (Likely MageCart) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS Sniffer Framework Sending to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Spy.Agent.AW Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/TrojanDownloader.Agent.TXV CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Unk Downloader 0 Byte POST CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M7
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JunkMiner Downloader Communicating with CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jupyter Stealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jupyter Stealer Reporting System Information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jupyter Stealer Reporting System Information M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jupyter Stealer Reporting System Information M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kaseya VSA Exploit Activity M1 (SET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kaseya VSA Exploit Activity M2 (SET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kazy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kazy/Kryptor/Cycbot Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kazy/Kryptor/Cycbot Trojan Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kelihos/Hlux GET jucheck.exe from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kelihos.K Executable Download DGA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyBase Keylogger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyBase Keylogger HTTP Pattern
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyBase Keylogger Uploading Screenshots
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyloggerOnline Keylogger Checkin (go https)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyloggerOnline Keylogger Checkin (kill)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyloggerOnline Keylogger Checkin (sleep)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyLogger related to FindPOS CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE KimJongRAT cnc exe pull
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky CSPY Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Backdoor CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Backdoor CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Backdoor Secondary Payload Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Malware Suite Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Malware Suite Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Operation Blue Estimate CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (down)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (init)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (ping)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity Sending Windows Information (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Host Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Host Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Host Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Host Data Exfil M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Maldoc Activity (HEAD)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Maldoc Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Maldoc Retrieving Template (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Script Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky WildCommand CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KINS/ZeusVM Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE KINS/ZeusVM Variant Retrieving Config
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kishop.A checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KLog Nick Keylogger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Knockbot Proxy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Knock.php Shiz or Rohimafo CnC Server Contact URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Malicious Doc Downloading Payload Dec 06 2016
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Malicious Expires Header Seen In Malicious JavaScript Downloader Campaign
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header CERT.PL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header INetSim
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Skunkx DDOS Bot User-Agent Cyberdog
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni RAT Exfiltrating Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni RAT Querying CnC for Commands
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni Related Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni Stage 2 Payload Exfiltrating Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface C&C availability check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface Checkin via POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface HTTP Request (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface Trojan HTTP Post Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kovter Ransomware Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Kpang.com Related Trojan User-Agent (alertup)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KPOT Stealer Initial CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KPOT Stealer Initial CnC Activity M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kraken Ransomware End Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Kraken Ransomware Start Activity 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Kriptovor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kriptovor External IP Lookup checkip.dyndns.org
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kriptovor Retrieving RAR Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kronos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kronos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kronos Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kryptik Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kuluoz Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kuluoz/Asprox Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE L0rdix Stealer CnC Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE L0rdix Stealer CnC Sending Screenshot
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LAME SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lampion CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LankerBoy HTTP CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Lazarus APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lazarus Downloader (JEUSD) CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Lazarus Maldoc CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lazarus Related Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LeChiffre Ransomware CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Legion Loader Activity Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (Amen)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (carlos_castaneda)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (heil_moloch)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (heil_satan)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (legion)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (lilith)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (Mylegion666)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (neva-project)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (salmonella-symptome)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (satan)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (suspira)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (the devil)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (YourUserAgent)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Linux Shell Script CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell CnC Activity M14
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell CnC Checkin M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell - Install Tracking
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell - RDP Credential Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Arid Viper APT Advtravel Campaign GET Keepalive
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Arid Viper APT Advtravel Campaign POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely CryptoWall .onion Proxy domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Evil Macro EXE DL mar 15 2016
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Evil Macro EXE DL mar 28 2016
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Evil Request for uac.exe With Minimal Headers
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Fake Antivirus Download InternetAntivirusPro.exe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Likely Geodo/Emotet CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Likely Geodo/Emotet Downloading PE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Geodo/Emotet Downloading PE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Geodo/Emotet Downloading PE - Fake UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Infected HTTP POST to PHP with User-Agent of HTTP Client
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Koobface Beaconing (getexe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely PadCrypt Locker PKG DL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likseput.B Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Limitless Logger RAT HTTP Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linkup Ransomware check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux DarkRadiation Ransomware Activity Attack Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux DarkRadiation Ransomware Activity (curl)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux DarkRadiation Ransomware Activity (wget)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux DarkRadiation Ransomware Telegram Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux/Lady CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/Lady CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/LuaBot CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/MayhemBruter Inbound Ping From CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Moose HTTP CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/Moose HTTP CnC Beacon Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux.Mumblehard Command Status CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux.Mumblehard Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux.Ngioweb Stage 1 CnC Activity Client Request (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/SSHDoor.A Reporting Backdoor CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/Torte Downloading Binary
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Remote Shell M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Remote Shell M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LNK/Agent.GX CnC Traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LockPOS CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC Checkin Dec 5 M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC Checkin HTTP Pattern
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC checkin Nov 21
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC checkin Nov 21 M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky Intermediate Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LogPOS Sending Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Cryptocurrency Wallet Exfiltration Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Fake 404 Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot File Exfiltration Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Keylogger Data Exfiltration Detected M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Keylogger Data Exfiltration Detected M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Request for C2 Commands Detected M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Request for C2 Commands Detected M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Screenshot Exfiltration Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot User-Agent (Charon/Inferno)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Loki Locker Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Loki Locker Ransomware Server Response (Public Key) M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Loki Locker Ransomware Server Response (Public Key) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Loki Locker Ransomware User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LolliCrypt Ransomware Sending Data to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE lolzilla JS/PHP WebSkimmer - Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lop_com or variant Checkin (9kgen_up)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lop.gfr/Swizzor HTTP Update/Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lop.gfr/Swizzor HTTP Update/Checkin (usually host-domain-lookup.com related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lost Door Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Request M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LuckyCat/TROJ_WIMMIE Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lucky Ransomware Reporting Successful File Encryption
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Luder.B User-Agent (Mozilla/4.0 (SPGK)) - GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LumOffice Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil via Discord M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil via Discord M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lurk Click fraud Template Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lurk Downloader Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lyceum Backdoor CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lyceum Backdoor CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lyceum Backdoor CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LYCEUM MSIL/DanBot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lyposit Ransomware Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Lyposit Ransomware Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mac Flashback Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mac Flashback Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MacOS/UpdateAgent.A CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MacOS/UpdateAgent.A CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mac Trojan HTTP Checkin (accept-language violation)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mac User-Agent Typo INBOUND Likely Hostile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MageCart CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MageCart CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MageCart Exfil URI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MageCart JS Retrieval
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Magecart/Skimmer - AngryBeaver Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Magecart/Skimmer - _try_action Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MAGICHOUND.FETCH CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE MAGICHOUND.FETCH Retrieving Malicious PowerShell
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MAGICHOUND.RETRIEVER CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Magician/M461c14n Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MagikPOS CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE MagikPOS Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MagikPOS Downloader Retrieving Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Magniber Ransomware Retrieving Instructions
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Activity Sending Windows User Info (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Activity Sending Windows User Info (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Activity (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Downloading from Dropbox via API
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Exfil (2019-12-12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc OneDrive Download Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Request for Payload (TA505 Related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Requesting Payload 2020-04-21
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Retrieving Additional Resources (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Retrieving Binary (Likely Trickbot)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Retrieving Payload 2021-06-15
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Retrieving Payload 2021-07-06
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Retrieving Payload March 30 2017
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Retrieving Payload May 23 2017 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Retrieving Possible Ostap Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Retrieving Remote Template (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Retrieving Remote Template (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Second Stage VBS Downloader with URL Padding
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Sending Windows System Information (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Chrome Extension Requesting Websocket
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Cobalt Strike SSL Cert (asurecloud .tech)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Cobalt Strike SSL Certificate (cloudflace-network .digital)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Dropper Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious JS.Nemucod to PS Dropping PE Nov 14 M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious lnk Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Mega Chrome Extension Exfil Domain (www .megaopac .host in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Second Stage Payload Inbound 2021-02-19
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious SSL Certificate detected (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL certificate detected (FindPOS)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL certificate detected (OSX/Keydnap CnC)
ET MALWARE Malicious SSL Certificate detected (Patchwork CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL certificate detected (Possible Sinkhole)
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious VBE Script (COVID-19 Phish 2020-04-03)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious VBS Downloader fake image zip
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious XLS DDE rar Drop Attempt (.live)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious XLS DDE rar Drop Fake 404 Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mal/Ransom-CE Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MASSLOGGER Client Data Exfil (POST) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MassLogger Client Exfil (POST) M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Matanbuchus Loader CnC M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Matanbuchus Loader CnC M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Matanbuchus Loader CnC M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Matanbuchus Loader CnC M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Matanbuchus Loader Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Matiex Keylogger Exfil Via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Matryoshka CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Matsnu Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maze/ID Ransomware Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mazilla Suspicious User-Agent Jan 15 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Medfos Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Medfos/Midhos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MedusaHTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MedusaHTTP Variant CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MedusaHTTP Variant CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Megalodon/Gomorrah/CosaNostra HTTP Bot CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MegalodonHTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MegalodonHTTP CoinMiner Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE MegalodonHTTP/LuciferHTTP Client Action
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Megumin v2 Stealer User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mekotio HTTP Method (111SA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mera Keylogger POSTing keystrokes
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Meredrop/Nusump Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mermaid Ransomware Variant CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mermaid Ransomware Variant CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mermaid Ransomware Variant CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mermaid Ransomware Variant CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mespinoza Ransomware - Pre-Encryption File Exfil to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE METALJACK APT32 CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mevade Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA CnC Domain Observed in SNI (samwinchester .club)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA HTTP Failover CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA HTTP Failover Reporting Infected System Information and RAT Version
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA HTTP Failover Response M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA HTTP Failover Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA Screenshot Upload M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA Screenshot Upload M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA Sending JPG Screenshot to CnC with .his Extension
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Midhos/Medfos downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MilkyBoy CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MilkyBoy CnC Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE/MINEDOOR CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Miniduke Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Miniduke variant C&C activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Miniduke Variant CnC Beacon via WebDAV
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Minirem
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirage Campaign checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast KiXtart Downloader Client Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast KiXtart Downloader Client Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast KiXtart Downloader Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Miuref/Boaxxe Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ModPipe CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Moist Stealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MoneroPay Ransomware Payment Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Monsoon Tinytyphon CnC Beacon Exfiltrating Docs
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Monsoon Tinytyphon CnC Beacon GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE MontysThree HTTPTransport Module Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Moose CnC Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MosesStaff APT Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MRCR1 Ransomware Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MRCR1 Ransomware Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MS_D0wnl0ad3r Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MS_D0wnl0ad3r Screenshot Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.ATS CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.BIC Variant CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.DNL CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.DNL Server Response Task (whoami)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.TRM Checkin Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.TRM Data Exfil (sysinfo)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.TRM Task Command
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Alcatrez Locker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Almashreq CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Almashreq Executing New Processes
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL APT28 Zebrocy/Zekapab Reporting to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL APT28 Zebrocy/Zekapab Reporting to CnC M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Autorun.AD Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Azula Logger CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL.BackNet Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/BlackGuard Stealer Exfil Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/BlackGuard Stealer Variant Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Bobik CnC Traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/CoalaBot CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/CoderVir Stealer Zip Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/CoinMiner Performing System Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE MSIL/Document Stealer Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/EasyLocker Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Eredel Stealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/G1 Stealer/GravityRAT Requesting Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/G1 Stealer/GravityRAT Uploading File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/G2 Stealer/GravityRAT CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/GenKryptik.FQRH Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/GravityRAT CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/GX Stealer/GravityRAT Uploading File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/HadesLocker Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Heracles Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Hidden-Tear Variant Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Injector.VVP Downloader Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Juliens Botnet CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Karmen Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/KeyRedirEx Banker Receiving Exit Instruction
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/KeyRedirEx Banker Receiving Redirect/Inject List
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/KeyRedirEx Banker Requesting Redirect/Inject List
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Khonsri Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL.Kraken.v2 HTTP Pattern
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL.L4L Stealer IP Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL.L4L Stealer Screenshot Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL.L4L Stealer Systeminfo Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Lordix Stealer Exfiltrating Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Matrix Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Matrix Ransomware Sending Encrypted Filelist
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Monitor.PCTattletale.A Checkin (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/n2019cov (COVID-19) Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/NewHT Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/NoCry Ransomware Checkin Via Discord
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/NR42 Bot Parsing Config From Webpage
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/PSW.Agent.QJK Stealer Data Exfil Via HTTP
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Runsome Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/SamMiner CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/SamMiner CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/SkidRat CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/SkidRat CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/SkidRat CnC Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/SkidRat User-Agent Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Small.FU Variant CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Small.FU Variant CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Small.FU Variant CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Spy.Banker.DH Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Spy.Keylogger.ENJ Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/TrojanDownloader.Agent.JVN CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/TrojanDownloader.Agent.KUO CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/TrojanDownloader.Agent.KUO CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/TrojanDownloader.Small.CLJ CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Unk.HT-Based Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL.Zapchast Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MS Office Macro Dridex Download URI Jan 7 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSUpdater alt checkin to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSUpdater Connectivity Check to Google
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSUpdater POST checkin to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater APT Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater APT Related Maldoc Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater APT Related Telegram Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload Registering with CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload Requesting Command from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload Sending Command Output to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload Sending Screenshot to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Murlo Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MUROFET/Licat Trojan
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mustang Panda/RedDelta Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mustang Panda/RedDelta Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mutter Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MWI Maldoc Load Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MWI Maldoc Load Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MWI Maldoc Posting Host Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MWI Maldoc Stats Callout Aug 18 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MWI Maldoc Stats Callout Oct 28
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MyKings Bootloader Variant Requesting Payload M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MyKings Bootloader Variant Requesting Payload M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MyKings Bootloader Variant Requesting Payload M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MZRevenge Ransomware CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Naoinstalad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nbar.co.kr Related Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nebuler/Dialer.qn HTTP Request - Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nemty Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Nemty Ransomware Payment Page ID File Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Nemucod Downloading Payload 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nemucod JS Downloader Aug 01 2017
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nemucod JS Downloader June 12 2017
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NetBackdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NetBackdoor User-Agent (.net backdoor)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Netbounce Program Wrapper Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Netbounce Proxy Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Netbounce Proxy User-Agent (idk)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Netbounce Related Activity (Program Wrapper)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Netbounce User-Agent (Netbounce)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Neverquest Request URI Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Neverquest/Vawtrak Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NEWPASS CnC Client Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NewPosThings Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NewPosThings Data Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NewPosThings POST with Fake UA and Accept Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nexus Stealer CnC Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NightfallGT Discord Nitro Ransomware
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE NightfallGT Discord Token Grabber
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NightfallGT Mercurial Grabber
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nitlove POS CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nitro Stealer Exfil Activity (Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NOBELIUM - Cobalt Strike Malleable Profile M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE NOBELIUM - Cobalt Strike Malleable Profile M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NOBELIUM (TA421) EnvyScout Fingerprint Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NOBELIUM Win32/VaporRage Loader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NORTHSTAR Client CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NORTHSTAR Client Data POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NORTHSTAR Command Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NORTHSTAR Command Sent to Client
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NORTHSTAR Interactive Client CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Novaloader Stage 2 VBS Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NSIS/TrojanDownloader.Agent.NZK CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NSIS/TrojanDownloader.Agent.NZK CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NSO Group Pegasus Related Data Exfil (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NSO Group Pegasus Related Data Exfil (POST) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NSO Group Pegasus Related Data Exfil (POST) M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE nspps Backdoor CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE nspps Backdoor - Sending SOCKS Details
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE nspps Backdoor - Task Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NS SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NuggetPhantom Module Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nuke Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Nymaim.BA CnC M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nymaim.BA CnC M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Obitel Downloader Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AHK Downloader Request Structure
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed APT41 Malicious SSL Cert (ColunmTK Campaign)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed APT/SideWinder CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Awad Bot CnC Domain (hawad .000webhostapp .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AZORult CnC Domain (miscrosoftworrd .000webhostapp .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (bigjamg .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (cntrhum .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (dghns .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (doldig .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (gut45bg .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (moig .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (numklo .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (sh78bug .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (vighik .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Blackrota Domain (blackrato .ga in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BLINDINGCAN Domain (www .automercado .co .cr in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BLINDINGCAN Domain (www .sanlorenzoyacht .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BLINDINGCAN Domain (www .sanlorenzoyacht .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BLUELIGHT Payload Domain (storage .jquery .services in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BOUNCEBEAM Backdoor CnC Domain (cloudflare .5156game .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Buer Loader CnC Domain (kkjjhhdff .site in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Buer Loader Domain (officewestunionbank .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Buran Ransomware UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Buran Ransomware UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Buran Ransomware UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Buran Ransomware UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Buran Ransomware UA (BURAN)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Buran Ransomware UA (GHOST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Card Skimmer CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CDC Ransomware User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Certificate Containing Double Base64 Encoded Executable Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Certificate Containing Possible Base64 Encoded Powershell Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CloudAtlas APT Related Domain (checklicensekey .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Stike CnC Domain (nirsoft .me in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain (charity-wallet .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed CobaltStrike CnC Domain (defendersecyrity .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (defenderupdateav .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed Cobalt Strike CnC Domain (dimentos .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain (gmbfrom .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed Cobalt Strike CnC Domain (gojihu .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (Gojihu .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain in TLS SNI (cs .lg22l .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain (krinsop .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed Cobalt Strike CnC Domain (onlineworkercz .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (sazoya .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed Cobalt Strike CnC Domain (security-desk .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (securityupdateav .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed CobaltStrike CnC Domain (stg .pesrado .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (windowsupdatesc .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed Cobalt Strike CnC Domain (www .msfthelpdesk .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (yawero .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed Cobalt Strike CnC Domain (yuxicu .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (Yuxicu .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed Cobalt Strike Domain (asureupdate .tech in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike Domain in TLS SNI (stackpatc-technologies .digital)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike Loader Domain (cybersecyrity .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike Related Domain (azurestat .app in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike Related Domain (cdnwin .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Observed Cobalt Strike Related Domain (croperdate .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Observed Cobalt Strike Related Domain (kaslose .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Observed Cobalt Strike Related Domain (world .healthamericacu .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike/TEARDROP CnC Domain Domain in TLS SNI (mobilnweb .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobInt CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobInt CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CoinMiner CnC Domain (en24zuggh3ywlj .x .pipedream .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Observed CoinMiner CnC Domain (endpsbn1u6m8f .x .pipedream .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Observed CoinMiner CnC Domain (enoyq5xy70oq .x .pipedream .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Observed Compromised Domain (cryptoarenastore .com in TLS SNI) (2021-11-12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cryptor Ransomware CnC Domain (e3kok4ekzalzapsf .onion .ws in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DangerousPassword APT Related Domain (cop .osonlines .co in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DangerousPassword APT Related Domain (datacentre .center in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DangerousPassword APT Related Domain (shopapppro .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DangerousPassword APT Related Domain (shopapptech .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DarkSide Ransomware CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DarkSide Ransomware Domain (baroquetees .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DarkSide Ransomware Domain (catsdegree .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DarkSide Ransomware Domain (rumahsia .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DarkSide Ransomware Domain (temisleyes .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DCRat CnC Domain (dud-shotline .000webhostapp .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DCRat CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DecryptmyFiles Ransomware User-Agent (uniquesession)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Default CobaltStrike SSL Certificate
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DonotGroup Maldoc Related Domain (digitalresolve .live in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Domain in TLS SNI (download-serv-234116 .xyz)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Domain in TLS SNI (get-europe-group .bar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Domain in TLS SNI (manholi .xyz)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Domain in TLS SNI (phonefix .bar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Domain (phonefix .bar in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Evil Keitaro TDS Redirection Domain (fiberswatch .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Evrial Domain (cryptoclipper .ru in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Evrial Domain (projectevrial .ru in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed FIN12 Related Cobalt Strike Domain (netrie .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Observed FIN12 Related Domain (hdhuge .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed FIN7 CnC Domain (injuryless .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed FinSpy Domain (browserupdate .download in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Get2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Get2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GET Request to Jaff Domain (orhangazitur . com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GhostWriter APT Related Cobalt Strike Domain (ao3 .hmgo .pw in TLS SNI)
ET MALWARE Observed Glupteba CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Glupteba CnC Domain (venoxcontrol .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoBotKR Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoBotKR Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoBotKR Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoBotKR Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoBotKR Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (c .cloudappconfig .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (c .heheda .tk in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (d .cloudappconfig .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (dd .cloudappconfig .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (dd .heheda .tk in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (d .heheda .tk in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (helegedada .github .io in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoLang Dropper Domain (en7dftkjiipor .x .pipedream .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed HTTP Request to Known PUA Host Domain
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed HTTP Request to Known PUA Host Domain
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain (nothingtodo .co in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID Domain (80frontluzkher .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID Domain (bruzilovv .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID Domain (deactivate .best in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID Domain (deactivate .pw in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID Domain (ldrtoyota .casa in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed JS/Magecart Domain in TLS SNI (manag .icu)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed JS/Skimmer (likely Magecart) Domain in TLS SNI (imprintcenter .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed JSSLoader Domain (deprivationant .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed JSSLoader Variant Domain (legislationient .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Jupyter Stealer CnC Domain (blackl1vesmatter .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Jupyter Stealer CnC Domain (gogohid .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Jupyter Stealer CnC Domain (vincentolife .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Karen Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Karen Ransomware Domain (karen .h07 .wlh .io in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Karen Ransomware Powershell Loader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Koadic Header Structure
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Lazarus APT Related Domain (designautocad .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Lazarus Maldoc CnC Domain (shopweblive .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Lazarus Related Domain (docs .gsheetpage .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Lazarus Related Domain (share .bloomcloud .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Lunar Builder Domain (lunarbuilder .000webhostapp .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart CnC Domain (mcdnn .me in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart CnC Domain (mcdnn .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Domain (webscriptly .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Exfil Domain (imags .pw in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart Group 12 Domain (pathc .space in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart Group 12 Domain (toolser .pw in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart Group 12 Domain (zolo .pw in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (analiticsweb .site in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (cloudflare-cdnjs .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (googie-analitycs .site in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (googie-analytics .online in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (googie-analytics .website in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (googletagsmanager .website in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (static-zdassets .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart/Skimmer - _try_action CnC Domain (cdn-frontend .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Maldoc CnC Domain (cloud-documents .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Maldoc Domain (travelcrimea .info in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Cobalt Strike SSL Cert (cdnengine .biz)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Cobalt Strike SSL Cert (setupfastonline .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Domain Targeting Minority Groups Domain (unohcr .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Domain Targeting Minority Groups (officemodel .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Domain Targeting Minority Groups (tcahf .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Filename in Outbound POST Request (Browsers/Cookies/Microsoft Edge_)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious FIN12 Related SSL Cert
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious FIN12 Related SSL Cert (serviceswork .net)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (ACBackdoor CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ACBackdoor CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AgentTesla CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AnubisStealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AnubisStealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT29)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 JEShell CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT34 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT MustangPanda CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
ET MALWARE Observed Malicious SSL Cert (AZORult CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC) 2019-11-18
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult Cnc Server) 2019-09-27
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-09-30
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-01
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-02
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-07
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) in SNI 2019-09-27
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Bancos Variant CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BazaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BazaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BitRAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Blackrota)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (chMiner/RAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Group/More_Eggs CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike Malleable C2 Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobInt CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CONFUCIOUS_B CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CopperStealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CopperStealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CoreBot C2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CoreDn/BLINDINGCAN Activity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CryptoMimic Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (CryptoMimic Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (DeadlyKiss APT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Donot Group/APT-C-35 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup FireStarter CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup FireStarter CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup FireStarter CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup FireStarter CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup/Patchwork CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup Stage 2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ElegyRAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ELF/Rekoobe CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fake Gmail Self Signed - Possible Cobalt Stirke)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (FIN7/GRIFFON CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (FIN7/JSSLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (FIN8 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (FIN8 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (FIN8 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (FIN8 ShellTea CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (FIN8 ShellTea CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (FIN8 Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gelsemium CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gozi CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gozi CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (GRIFFON CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (IcedID CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (JS/Ostap CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (jssLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (JS WebSkimmer Exfil Site)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Klingon RAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (Lazarus APT MalDoc 2020-11-30)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Lazarus APT MalDoc DL 2020-05-05)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (LazarusGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Exfil)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Exfil Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Exfil Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 11 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 11 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 1/2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 1/2 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 3 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 3 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 5 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Magecart/Skimmer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc 2020-03-09)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-09-17 1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL) 2019-10-24
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-11-15)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21 2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21 3)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-05-27)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-06-18)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-07-29)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Malicious Browser Ext CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Malicious Browser Ext CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MassLogger)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Meterpreter Paranoid Mode CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MICROPSIA CnC Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Mirrortheif group)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MirrorThief CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MirrorThief CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Moist Stealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MonetizUs/LNKR)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MonetizUs/LNKR)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (More_eggs CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MosaicRegressor WinHTTP Downloader)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MSIL/Agent.TRM CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (NHS UK Covid Passport Phish)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OceanLotus APT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OilRig QUADAGENT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OSX/AppleJeus Variant CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OSX/Nukesped CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OSX/Nukesped CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OSX/Nukesped CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OZH Rat)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Panda Banker C2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Panda Banker Injects)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (PhantomNet/Smanager CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (PHPs Labyrinth Stage1 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Possible APT33 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Possible Godlua CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (POWERRATANKBA CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (POWERSTATS Proxy CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (POWERSTATS Proxy CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Python RAT (Aurora Campaign))
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (RampantKitten CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (RampantKitten CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ReactGet Group)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (SedUploader)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper RAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ShadowHammer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (SideWinder APT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Silver Implant)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Strongpity CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (TaurusStealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (TinyNuke Variant CnC) 2020-02-09
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Turla/APT34 CnC Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Turla CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Upatre CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif Inject Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif Injects)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Various CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Various CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Various CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (W32/TrojanDownloader.Agent.FBF Variant CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (WastedLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (WastedLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Win32/Gadwats Banker CnC Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Win32/Gadwats Banker CnC Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Win32/SandCat CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Win32/Unk Downloader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Zepakab CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Zeromax Stealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Zloader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL/TLS Certificate (IcedID CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL/TLS Certificate (IcedID CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL/TLS Certificate (Jasper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL/TLS Certificate (Jasper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious UA (Skuxray)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malsmoke Staging Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malware Delivery Domain (analyticsnet .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malware Delivery Landing Page Domain (bigeront .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MassLogger Domain in TLS SNI (ecigroup-tw .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MAZE Ransomware CnC Domain (checksoffice .me in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed MAZE Ransomware CnC Domain (plaintsotherest .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed MAZE Ransomware CnC Domain (thesawmeinrew .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed MongoLock Variant CnC Domain (s .rapid7 .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MSIL/Heracles Variant CnC Domain (stainless .fun in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MSIL/n2019cov (COVID-19) Ransomware CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Nemty Ransomware Payment Page
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed OSX/GMERA.A CnC Domain (appstockfolio .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed OSX/NukeSped Variant CnC Domain (fudcitydelivers .com) in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed OSX/NukeSped Variant CnC Domain (sctemarkets .com) in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed OSX/Silver Sparrow Download Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed OSX/Silver Sparrow Download Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed OSX/WizardUpdate Domain in TLS SNI ( .dlvplayer .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Pegasus Domain (api1r3f4 .redirectweburl .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Pegasus Domain (hooklevel .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PoetRAT Domain (dellgenius .hoptop .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PoetRAT Domain (slimip .accesscam .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Possible PowerSploit/PowerView .ps1 Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ProtonBot User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Puzzlemaker Remote Shell Domain (media-seoengine .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Qbot Style SSL Certificate
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Reimageplus Ransomware Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Sidewinder APT User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Silver Implant Domain (raspoly .biz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed sLoad Related Domain (angedionisu .eu in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed SluttyPutty Maldoc User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed SSL/TLS Cert (Splashtop Remote Support)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed SSV Agent CnC Domain (be-government .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed SSV Agent CnC Domain (drmtake .tk in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed SSV Agent CnC Domain (edgecloudc .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed SSV Agent CnC Domain (flushcdn .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed SSV Agent CnC Domain (gitcloudcache .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed SSV Agent CnC Domain (hostupoeui .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed SSV Agent CnC Domain (rsnet-devel .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain (applicationrepo .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain (hardwareoption .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain (hierarchicalfiles .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain (hostoperationsystems .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain (pulmonyarea .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain (resolutionplatform .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity CnC Domain (uppertrainingtool .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity Domain (autoconfirmations .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity Domain (lurkingnet .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed StrongPity Domain (singlefunctionapp .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed TA471/UNC2589 Go Downloader User-Agent (-hobot-)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Targeted Attack Malicious Domain in TLS SNI (blog .br0vvnn .io)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Targeted Attack Malicious Domain in TLS SNI (codevexillium .org)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Targeted Attack Malicious Domain in TLS SNI (krakenfolio .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Targeted Attack Malicious Domain in TLS SNI (transferwiser .io)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Targeted Attack Malicious Domain in TLS SNI (transplugin .io)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Targeted Attack Malicious SSL Cert (angeldonationblog .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Targeted Attack Malicious SSL Cert (investbooking .de)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Targeted Attack Malicious SSL Cert (opsonew3org .sg)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed TaurusStealer CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Thanatos Ransomware Variant Pico User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Trojan.Verblecon Related Domain (gaymers .ax in TLS SNI)
Description
This detection identifies malware related activity using Rapid7’s Network Traffic Analysis sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Trojan.Verblecon Related Domain (jonathanhardwick .me in TLS SNI)
Description
This detection identifies malware related activity using Rapid7’s Network Traffic Analysis sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Trojan.Verblecon Related Domain (.verble .rocks in TLS SNI)
Description
This detection identifies malware related activity using Rapid7’s Network Traffic Analysis sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Trojan.Verblecon Related Domain (verble .software in TLS SNI)
Description
This detection identifies malware related activity using Rapid7’s Network Traffic Analysis sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed TrumpHead Ransomware CnC Domain (6bbsjnrzv2uvp7bp .onion .pet in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Turla/APT34 CnC Domain Domain (dubaiexpo2020 .cf in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Turla Domain (vision2030 .tk in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Unk.PowerShell Loader CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Upatre CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Ursnif CnC Domain (Gloderuniok .website in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed Ursnif CnC Domain (Vloderuniok .website in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed Ursnif Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Ursnif Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed VikroStealer CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed VikroStealer CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32/CollectorStealer User-Agent M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32/CollectorStealer User-Agent M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32/DecryptStealer Exfil Domain (geroipanel .site in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (annafraudy .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (attentionmagnet .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (belochkaneprihoditodna .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (birdmilk .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (blogsolutions .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (footballstar .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (genericalphabet .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (gimmegimmejimmy .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (gopstoporchestra .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (lomhasnopryiyome .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (mindbreaker .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (msresearchcenter .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (newageiscoming .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (number1g .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (number2g .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (realonlinetrend .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (stanculinaryblog .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (stockme .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (tapewormorchestra .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (whatsthescore .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (youareperfect2day .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer Domain (cheapfacechange .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32.Raccoon Stealer Domain (hellowoodie .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32/Wacapew.A!ml Domain in TLS SNI (zytrox .tk)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Win32/Ymacco.AA36 User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ZLoader CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed ZLoader CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed ZLoader Related Domain (lkjhgfgsdshja .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OceanLotus System Profiling JavaScript HTTP Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Octopus Malware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Octopus Malware CnC Server Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Octopus Malware CnC Server Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Octopus Malware Initial Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Office Macro Emotet Download URI Nov 24 2021
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Oficla Checkin (1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Oficla Downloader Activity Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OilRig APT PowDesk Powershell Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OilRig OopsIE CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OilRig OopsIE CnC Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OilRig OopsIE CnC Checkin M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OilRig QUADAGENT CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Oilrig Stealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OLDBAIT Checkin 2 brvc
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OLDBAIT Checkin sptr
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OneLouder Common URI Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Onkods.A Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Operation Baby Coin syschk CnC Communication
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Operation Blockbuster User-Agent (Mozillar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Operation Buhtrap CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Operation Cobra Venom WSF Stage 1 - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Operation Cobra Venom WSF Stage 1 - File Decode Completed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Operation Cobra Venom WSF Stage 2 - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Operation EvilTraffic Initial Redirect M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Operation EvilTraffic Initial Redirect M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Operation Interception Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Operation Mystery Baby syschk CnC Communication
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Operation SpoofedScholars Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Operation Tripoli Related CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Optix Pro Trojan/Keylogger Reporting Installation via HTTP-Email Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Orca RAT URI Struct 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Orca RAT URI Struct 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Orca RAT URI Struct 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Orca RAT URI Struct 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OS X Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Flashback.K first execution checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Flashback.K/I reporting failed infection
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Flashback.K/I reporting successful infection
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Flashback.K/I reporting successful infection 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Flashback.K/I User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/GMERA.B CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/LamePyre Screenshot Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Mami CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/MapperState CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Mokes.A CnC Heartbeat Request (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/NukeSped Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/OceanLotus.D Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/OceanLotus.D Sending Data to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Proton.B Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Proton.C/D Domain (eltima .in in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Proton.C/D Domain (handbrake .cc in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Proton.C/D Domain (handbrakestore .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Shlayer CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Shlayer CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Shlayer CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Shlayer CnC Landing M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/Shlayer Malicious Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/WireLurker checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/WireLurker CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE OSX/WireLurker HTTP Request for manhuaba.com.cn
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/WireLurker HTTP Request for www.comeinbaby.com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/WireLurker User-agent (globalupdate)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/WizardUpdate CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE OSX/ZuRu Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ousaban Related Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Outbound POST Request with Base64 ps PowerShell Command Output M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Outbound POST Request with Base64 ps PowerShell Command Output M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Outbound POST Request with Base64 ps PowerShell Command Output M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Outbound POST Request with ps PowerShell Command Output
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Packed Perl with Eval Statement
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Panda Banker C2 Domain (uiaoduiiej .chimkent .su in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Panda Banker CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Panda Banker Injects Domain (urimchi3dt4 .website in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pandemiya User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Papras Banking Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Parite Setup Connection (tqzn.com related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Password Stealer - User-Agent (Ucheck)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Patchwork APT CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Patchwork Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Patchwork Backdoor - Requesting Task
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Patchwork Backdoor - Sending Task Results
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PawnStorm Sednit DL Aug 28 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PDF 0day Communication - agent UA Feb 14 2013
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Peppy/KeeOIL Google Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Phorpiex Botnet Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Phorpiex Botnet Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Phorpiex Botnet Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Phorpiex Botnet Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Phorpiex Botnet Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Phorpiex Botnet Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PHP Skimmer Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PHPs Labyrinth Backdoor Stage1 CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PHPs Labyrinth Backdoor Stage2 CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PHPs Labyrinth Backdoor Stage2 CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Piptea.a Related Trojan Checkin (1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Piptea.a Related Trojan Checkin (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Plasmabot CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Platinum APT Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Platinum APT - Titanium Hardcoded String Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Platinum APT - Titanium Payload CnC Checkin (x64)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Platinum APT - Titanium Payload CnC Checkin (x86)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PLATINUM Dipsind CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE PLATINUM Steganographic HTTP Response Page Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PlayMP3z.biz Related Spyware/Trojan Install Report
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Playtech Downloader Online Gaming Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Plead TSCookie CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Plead TSCookie CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Plead TSCookie CnC Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Plead TSCookie CnC Checkin M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PlugX Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PlugX Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PlugX/Destory HTTP traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PlugX/Korplug CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PlugX variant
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PNScan.2 Inbound Status Check Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PNScan.2 Inbound Status Check - set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Poebot Related User Agent (SPM_ID=)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PoetRAT Upload via HTTP
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Polaris Botnet User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Polaris Botnet User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup C2 Post-infection Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup C2 Sending Data to Controller 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup C2 Sending Data to Controller 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup HTTP Request (generic) M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup HTTP Request (generic) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup HTTP Request (generic) M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup HTTP Request (generic) M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup HTTP Request (generic) M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup HTTP Request (generic) M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup HTTP Request (generic) M7
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup HTTP Request (generic) M8
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup HTTP Request (generic) M9
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ponmocup Redirection from infected Website to Trojan-Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pontoeb CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pony Loader default URI struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Adwind/jSocket SSL Cert (assylias.Inc)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT-12 Related C2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT28 DOC Uploader SSL/TLS Certificate Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT28 Maldoc CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT28 Xtunnel Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT29 CozyBear/SeaDaddy SSL/TLS Certificate Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT30 or Win32/Nuclear HTTP Framework
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT34 TONEDEAF 2.0 User-Agent Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT40/Dadstache Stage 2 Payload Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Possible APT 41 Fake Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT Sarhurst/Husar/Hussarini/Hassar CnC Check Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT Sarhurst/Husar/Hussarini/Hassar CnC Command Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT Sarhurst/Husar/Hussarini/Hassar CnC GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible APT Sarhurst/Husar/Hussarini/Hassar CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Archie EK Payload Checkin GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Asprox Pizza
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Astaroth User-Agent Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Babar POST Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Backdoor.Linux.Tsunami Outbound HTTP request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible BACKSWING JS Framework POST Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Banload Downloading Executable
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Bedep Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Bedep Connectivity Check (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Charming Kitten Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Charming Kitten Backdoor CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible CryptoPHP Leaking Credentials May 8 2015 M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible CryptoPHP Leaking Credentials May 8 2015 M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible CryptoPHP Leaking Credentials May 8 2015 M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible DACLS RAT CnC (Log Server Reporting)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible DANDERSPRITZ Default HTTP Headers
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible DANDERSPRITZ HTTP Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Possible Darkhotel Higasia Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Darkhotel Higasia Downloader Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Darkhotel Higasia Downloader Requesting Module
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible DarkRats Tor Traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible DarkTequila SSL/TLS Certificate Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible DEEP PANDA C2 Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Deep Panda - Sakula/Mivast RAT CnC Beacon 5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Possible Deep Panda User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Dragonfly APT Activity HTTP URI OPTIONS
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Dridex Download URI Struct with no referer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Drive DDoS Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Duqu 2.0 Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Dyre SSL Cert (fake state)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Dyre SSL Cert Jan 22 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Dyre SSL Cert M1 (L O)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Dyre SSL Cert M2 (L CN)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Dyre SSL Cert M3 (O CN)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Emissary External IP Lookup
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Encoded Wide PowerShell (IEX) in Certificate Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Evil Macro Downloading Trojan Dec 16 2015 Post to EXE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible FakeAV Binary Download (Security)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Fake AV Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible FoggyWeb Backdoor Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible FortDisco Reporting Hacked Accounts
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Gamaredon HEAD Request for .dot file on ddns.net
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Generic RAT over Telegram API
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Godzilla Loader Base64 Filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Graftor EXE Download Common Header Order
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible IceRat CnC Acitivty
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible iKittens OSX MacDownloader CNC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Possible IndigoDrop/Cobalt Strike Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible IoT_reaper ELF Binary Request M1 (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible IoT_reaper ELF Binary Request M2 (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible IoT_reaper ELF Binary Request M3 (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible IoT_reaper ELF Binary Request M4 (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible IoT_reaper ELF Binary Request M5 (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Java/Downloader Observed in Pawn Storm CVE-2015-2590 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Java/Downloader Observed in Pawn Storm CVE-2015-2590 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible JKDDOS download cl.exe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible JKDDOS download ddos.exe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Kaseya VSA Exploit Activity Inbound M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Kaseya VSA Exploit Activity Inbound M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Kaseya VSA Exploit URI Structure Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Kelihos.F EXE Download Common Structure
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Kelihos.F EXE Download Common Structure 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Kelihos Infection Executable Download With Malformed Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Kimsuky APT Connectivity Check via Document
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Kimsuky Related Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Kimsuky Related Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Kimsuky Related Malicious VBScript
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible KONNI CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Konni Encrypted Stage 2 Payload Inbound via HTTP
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible KONNI URI Path Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Linux/Cdorked.A CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Linux/Cdorked.A Incoming Command
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Locky VB/JS Loader Download Sep 08 2017
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Magecart Credit Card Information JS Script
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Maldoc Downloader Aug 18 2017
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Maldoc Downloading EXE Jul 26 2016
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible MalDoc Payload Download Nov 11 2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Maldoc Retrieving Dridex from pastebin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible MalDoc Retrieving Payload 2021-07-19
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible MalDoc Retrieving Payload 2021-11-01
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Malicious Invoice EXE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Malicious Macro DL BIN May 2016 (No UA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Malicious Macro DL EXE May 2016 (Mozilla compatible)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Malicious Tor Module Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Malicous Macro DL EXE Jul 01 2016 (dll generic custom headers)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Malicous Macro DL EXE Jul 01 2016 (userdir dotted quad)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Mask C2 Traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible MSIL/Solorigate.G!dha/SUPERNOVA Webshell Access Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible NGLite Backdoor C2 Traffic (NKN)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Possible OceanLotus C2 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Outbound WebShell GIF
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Outbound WebShell JPEG
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pegasus/Trident Related HTTP Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Possible Pegasus/Trident Related HTTP Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Possible Pegasus/Trident Related HTTP Beacon 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Possible Pegasus/Trident Related HTTP Beacon 5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Possible PHP.MAILER WebShell Generic Request Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible PHP.MAILER WebShell Register Shutdown Function Request Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pipka JS Skimmer CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M7
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible PlugX Common Header Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Ponmocup Driveby Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pony DLL Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Pony Payload DL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible PowerShell Empire Activity Outbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Puzzlemaker Remote Shell Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Ransomware HTTP POST to Onion Link Domain
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Possible Rar’d Malware sent when remote host claims to send an Image
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible ReactorBot .bin Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Red October proxy CnC 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Red October proxy CnC 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Red October proxy CnC 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Schneebly Posting ScreenShot
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Sharik/Smoke Loader 7zip Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Sharik/Smoke Loader Microsoft Connectivity check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Sharik/Smoke Loader Microsoft Connectivity check M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Sharik/Smoke Loader Microsoft Connectivity check M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Sinkhole banner
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible SKyWIper/Win32.Flame POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible SQUIRRELWAFFLE Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible STEADYPULSE Webshell Accessed M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible STEADYPULSE Webshell Accessed M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Stitur Secondary Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible TDSS User-Agent CMD
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible TickGroup Casper CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible TickGroup Coolbee/Avenger CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible TickGroup Snack CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Tracur.Q HTTP Communication
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible TransparentTribe APT CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible T-RAT Encrypted Zip Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible TRAT proxy component user agent detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Trojan.APT.9002 POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Tunna Proxy Activity (Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Tunna Proxy Activity (Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Tunna Proxy Closing Connection
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Tunna Proxy Closing Connection
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Turla Carbon Paper CnC Beacon (Fake User-Agent)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Possible UNC1878 Cobalt Strike CnC SSL Cert Inbound (Mountainvew)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible UNC1878/FIN12 Cobalt Strike CnC SSL Cert Inbound (lol)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible UNC1878/FIN12 Cobalt Strike CnC SSL Cert Inbound (office)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible UNC1878/FIN12 Cobalt Strike CnC SSL Cert Inbound (Texsa)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Upatre Downloader SSL certificate
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Upatre or Dyre SSL Cert Jan 22 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible W32/Citadel Download From CnC Server Self Referenced /files/ attachment
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible W32/KanKan tools.ini Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible W32/KanKan Update officeaddinupdate.xml Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible W32/VBKlip BAN Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32.Bicololo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32/Dimegup.A Downloading Image Common URI Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32/Gapz MSIE 9 on Windows NT 5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32/Get2 Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32/Hupigon ip.txt with a Non-Mozilla UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32/Napolar.A URL Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32/Petya Conn Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32/Qbot/Quakbot Checkin via HTTP GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32/SillyFDC WordPress Traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32/SysJoker Retrieving CnC Information (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Win32/Travnet.A Internet Connection Check (microsoft.com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti-related Destination (google-searching .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti TLS Certificate Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti TLS Certificate Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti TLS SNI Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Winnti TLS SNI Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Worm W32.Svich or Other Infection Request for setting.doc
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Worm W32.Svich or Other Infection Request for setting.xls
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Zbot Activity Common Download Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Zeus GameOver Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Zeus GameOver Connectivity Check 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possible Zeus P2P Variant Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Possibly SLIGHTPULSE Related - Suspicious POST to Specific URI Path
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Potao CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Potao CnC POST Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Potential Blackhole Exploit Pack Binary Load Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Potential FakeAV HTTP GET Check-IN (/check)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Potential FakePAV Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Potentially Unwanted Program RebateInformerSetup.exe Download Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Poweliks Abnormal HTTP Headers high likelihood of Poweliks infection
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Poweliks Clickfraud CnC M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Poweliks Clickfraud CnC M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Poweliks Clickfraud CnC M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Poweliks Clickfraud CnC M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Powershell commands sent when remote host claims to send an image
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PowerShell Downloader CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Powershell Octopus Backdoor Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Powershell Octopus Backdoor Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Powershell Octopus Backdoor Sending System Information (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PowerShell Script Downloading Emotet DLL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Powershell with Decimal Encoded RUNPE Downloaded
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PowerTrick download bot known key
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE PowerTrick download ver1 bot
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE PowerTrick download ver2 bot
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE PowerTrick Known Key 1
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE PowerTrick Known Key 2
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE PowerTrick Task Answer
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE PowerTrick Task Checkin M1
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE PowerTrick Task Checkin M2
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE PowerTrick Task Request
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE PPI User-Agent (InstallCapital)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PRG/wnspoem/Zeus InfoStealer Trojan Config Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Probable OneLouder downloader (Zeus P2P)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Probable OneLouder downloader (Zeus P2P)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Probable OneLouder downloader (Zeus P2P)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Probable OneLouder downloader (Zeus P2P)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Probable OneLouder downloader (Zeus P2P)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Project Plague CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ProxyBot Phone Home Traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ProxyBox - HTTP CnC - botinfo.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ProxyBox - HTTP CnC - .com.tw/check_version.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ProxyBox - HTTP CnC - getiplist.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ProxyBox - HTTP CnC - get_servers.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ProxyBox - HTTP CnC - POST 1-letter.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ProxyBox - HTTP CnC - proxy_info.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Proxychecker Lookup
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Proyecto RAT Variant - Yopmail Login attempt (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Proyecto RAT Variant - Yopmail Stage 2 CnC Retrieval
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PS/Beapy CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PSEmpire Checkin via POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PS/SunCrypt Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE PS/Unk.EB.Spreader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pteranodon Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pteranodon Backdoor CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pteranodon Variant 1 Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pteranodon Variant 2 Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pteranodon Variant 3 Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PT MALWARE] Hacked Mikrotik C2 Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Adwind SSL Certificate Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Donut Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE [PTsecurity] Fake SSL Certificate Observed (Google)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Fake SSL Certificate Observed (Oracle America)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Fake SSL Certificate Observed (Oracle canada)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Fake SSL Certificate Observed (Yahoo)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Gozi/Ursnif Payload v12
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Gozi/Ursnif Payload v14
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] JS.Trojan-Downloader.Nemucod.yo HTTP POST (:Exec:)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Kraken Ransomware Start Activity 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE [PTsecurity] Kuriyama Loader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] MSIL/Biskvit.A Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Paradise Ransomware Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Possible Cobalt Strike payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Possible Malicious (HTA-VBS-PowerShell) obfuscated command
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Possible Trojan.Downloader UserAgent (binary_getter)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] PS/TrojanDownloader.Agent.NNR XORed Zip payload (key 0x91)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Tinba (Banking Trojan) HTTP Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Tinba Checkin 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Trickbot Data Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Trojan.Downloader VBA Script obfuscation (binary_getter)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Trojan.JS.Agent.dwz Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Trojan.JS.Agent.dwz Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] TR/Spy.Banker.agdtw Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Ursnif Encoded Payload Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] W32/Rodecap.StealRat C2 Payload (GIF)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] WeChat (Ransomware/Stealer) HttpHeader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE [PTsecurity] Win32/Ramnit Stage 0 Communicating with CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Win32/Randrew!rfn CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Win32/SocStealer.Socelars C2 Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Win32/Spy.Agent.PMJ (MICROPSIA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Win32/SpyAgent.Raptor (realtime-spy) CnC activity 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Win32/SpyAgent.Raptor (realtime-spy) CnC activity 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Win32/Spy.RTM/Redaman IP Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [PTsecurity] Win32/TinyNuke Payload ACF40 Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pult Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PunkeyPOS HTTP CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE PunkeyPOS HTTP CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE PunkeyPOS HTTP CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE PunkeyPOS HTTP CnC Beacon 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE PunkeyPOS HTTP CnC Beacon 9
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE PunkeyPOS HTTP CnC Beacon Fake UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Punto Loader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PurpleFox Backdoor/Rootkit Download Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PurpleFox EK Landing Page Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pushdo.S CnC response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Pushdo Update URL Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Putter Panda HTTPClient CnC HTTP Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PWSteal.Bancos Generic Banker Trojan SCR Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PWS.Win32/Daceluw.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE PXJ Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Py/Beapy CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Py/MechaFlounder CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Python/PBot Browser Hijacker Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Python.Ragua Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Qarallax RAT Downloading Modules
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Qtloader encrypted check-in Oct 19 M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Quant Loader Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Quant Loader Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Quant Loader Download Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Quant Loader Download Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Qudox CnC Actiivty
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Architecture GET 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Architecture GET 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Architecture GET 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Architecture GET 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Architecture POST 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Architecture POST 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Architecture POST 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Architecture POST 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Report GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE r0 CnC Report POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ragnarok Ransomware CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Ragnarok Ransomware CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE RampantKitten APT TelB Python Variant - CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RampantKitten APT TelB Python Variant - CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ranscam Ransomware Contact Form
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE RansomCrypt Getting Template
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RansomCrypt Intial Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ransomware.Hidden-Tear Variant CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Ransomware Locky CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ransomware Locky CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ransomware Locky CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ransomware Locky CnC Beacon 21 May
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ransomware Locky CnC Beacon 4 21 May
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ransomware Win32/WinPlock.A Successfully Installed CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ransom.Win32.Birele.gsg Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Razy Variant Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RCtrl Backdoor CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RDP Brute Force Bot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Reborn Stealer 2021 Exfil attempt via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE rechnung zip file download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RedLeaves HOGFISH APT Implant CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Red Leaves HTTP CnC Beacon (APT10 implant)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE RedLine - GetArguments Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/dllhost/ac
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/ms/check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/ms/flush
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/nt/sk
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/nt/th
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/win/cab
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/win/wcx
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ReflectiveGnome Download Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RegHelper Installation
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RegSubsDat Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Reimageplus Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Remcos Builder License Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Remote Desktop Spy Install Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Request for fake postal receipt from e-mail link
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Request for fake postal receipt from e-mail link
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Request for Malicious .dat File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Request for utu.dat Likely Ponmocup checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Rerdom/Asprox CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Revcode RAT CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Revcode RAT CnC 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ReverseRat 2.0 CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ReverseRAT Activity (POST) M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ReverseRAT Activity (POST) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ReverseRAT Activity (POST) M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ReverseRAT Activity (POST) M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ReverseRAT Activity (POST) M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Revoyem Ransomware Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Revoyem Ransomware Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE RezoStealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Rhabdo CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RHttpCtrl Backdoor CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RocketKitten APT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RocketMan Win32/Drun
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Rogue AV Downloader concat URI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Rogue.Win32/FakePAV Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Rogue.Win32/Winwebsec Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Rogue.Win32/Winwebsec Install 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Rootkit TDSS/Alureon Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Rostpay Downloader User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Rouge Security Software Win32.BHO.egw
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE RustyBuer CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE S400 RAT Client Checkin via Discord
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SA Banker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SAD Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Sage Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Sage Ransomware Checkin Primer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Saint Bot CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Saker UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sakula/Mivast C2 Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sakula/Mivast RAT CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sakula/Mivast RAT CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sakula/Mivast RAT CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sakula/Mivast RAT CnC Beacon 6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sakula/Mivast RAT CnC Beacon 7
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sality - Fake Opera User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sality - Fake Opera User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sality - Fake Opera User-Agent (Opera/8.89)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sality Variant Downloader Activity (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sality Variant Downloader Activity (3)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sarwent CnC Command (download)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sarwent CnC Command (powershell)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sarwent CnC Command (rdp)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sarwent CnC Command (update)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sarwent CnC Response (cmd_exec)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sarwent CnC Response (download_exec)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sarwent CnC Response (powershell_exec)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sarwent CnC Response (rdp_exec)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sarwent CnC Response (update_exec)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sasfis Botnet Client Reporting Back to Controller After Command Execution
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Satan/5ss5c Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Scanbox Sending Host Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Screenblaze SCR Related Backdoor - GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SEASALT HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Secure-Soft.Stealer Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sednit/APT28/Sofacy Delphocy CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sednit/AZZY Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sednit Connectivity Check 0 Byte POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sefnit Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sekhmet Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE SepSys/SepSystem Ransomware Style External IP Address Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ServHelper CnC Command (Net User)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ServHelper CnC Command (Reg Add)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ServHelper CnC Command (Whoami)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ServHelper CnC Inital Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ServHelper RAT CnC Domain Observed in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SFG Client Information POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Shafttt MySQL Bruteforce Bot CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Shamoon V3 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sharik/Smoke CnC Beacon 10
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sharik/Smoke CnC Beacon 11
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sharik/Smoke CnC Beacon 12
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sharik/Smoke CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sharik/Smoke CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sharik/Smoke CnC Beacon 7
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sharik/Smoke CnC Beacon 8
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sharik/Smoke CnC Beacon 9
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Sharik/Smoke Fake 404 Response with Payload Location
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sharik/Smoke Loader Adobe Connectivity check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sharik/Smoke Loader Adobe Connectivity Check 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sharik/Smoke Loader Adobe Connectivity Check 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sharik/Smoke Loader Java Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sharik/Smoke Loader Microsoft Connectivity check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sharik/Smoke Loader Microsoft Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sharik/Smoke Loader Receiving Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SharpPanda APT Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SharpPanda APT Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Shifr Ransomware Malicious Domain in SNI Observed
ET MALWARE ShivaGood Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Shiz or Rohimafo Reporting Listening Socket to CnC Server
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Shiz/Rohimafo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SHLAYER CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Shylock Module Data POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SiameseKitten/Lyceum/Hexane MSIL/Shark CnC Activity (Beacon)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SiameseKitten/Lyceum/Hexane MSIL/Shark CnC Activity (Download)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SiameseKitten/Lyceum/Hexane MSIL/Shark CnC Activity (Upload)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SiameseKitten/Lyceum/Hexane MSIL/Shark CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SiameseKitten/Lyceum/Hexane MSIL/Shark Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sidecopy APT Backdoor Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SideCopy APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SideCopy Group Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sidewalk CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sidewinder Stage 2 VBS Downloader Reporting Successful Infection
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Silent Miner Changelog Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Simda.C Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Single char EXE direct download likely trojan (multiple families)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sinowal/sinonet/mebroot/Torpig infected host checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sinowal/sinonet/mebroot/Torpig infected host POSTing process list
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sisproc update
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Skyfall fake Skype install link
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE slock Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE SLOTHFULMEDIA RAT CnC (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Slugin.A PatchTimeCheck.dat Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Smart Fortress FakeAV/Kryptik.ABNC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SmokeBot grab data plaintext
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SmokeLoader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Smoke Loader Checkin r=gate
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Smokeloader getgrab Command
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Smokeloader getload Command
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Smokeloader getproxy Command
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Smokeloader getsock Command
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SmokeLoader - Init 0x
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SMS-Bomber Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SMSHoax Riskware checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Smurf2 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sn0wsLogger CnC Exfil M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sn0wsLogger CnC Exfil M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Snake Keylogger CnC Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Snake rootkit usermode-centric encrypted command from server
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SNIcat - Detected C2 Commands (ALIVE)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SNIcat - Detected C2 Commands (CB)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SNIcat - Detected C2 Commands (CD)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SNIcat - Detected C2 Commands (EX)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SNIcat - Detected C2 Commands (EXIT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SNIcat - Detected C2 Commands (finito)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SNIcat - Detected C2 Commands (LD)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SNIcat - Detected C2 Commands (LIST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SNIcat - Detected C2 Commands (LS)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SNIcat - Detected C2 Commands (SIZE)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Socelars Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Social-bos.biz related trojan checkin (trackid=hex)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sofacy HTTP Request microsof-update.com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sofacy Request Outbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Solarbot Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SolarBot Plugin Download ComputerInfo
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SolarBot Plugin Download MessageBox
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SolarBot Plugin Download WalletSteal
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SolarSys CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sorano Stealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Soraya C2 User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Soraya C2 User-Agent (default)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Soraya C2 User-Agent (rhyno321)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Soraya C2 User-Agent (SBTCM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Soraya C2 User-Agent (slayer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Soraya C2 User-Agent (VHIbot/1.0)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Soraya C2 User-Agent (Vulture)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Soraya C2 User-Agent (x09)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Soraya C2 User-Agent (xehanort321)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Soraya Credit Card Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SoulSearcher Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Application Layer Protocol - T1071
ET MALWARE SoulSearcher Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Application Layer Protocol - T1071
ET MALWARE SpamTool.Win32.Agent.gy/Grum/Tedroo Or Similar HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SPEAR CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE SPEAR CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Spoofed MSIE 7 User-Agent Likely Ponmocup
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Spoofed MSIE 8 User-Agent Likely Ponmocup
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Spora Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Spora Ransomware SSL Certificate Detected
ET MALWARE SpyAgent C&C Activity (Request)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SpyAgent C&C Activity (Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SpyEye C&C Check-in URI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SpyEye Checkin version 1.3.25 or later
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Spy/Infostealer.Win32.Embed.A Client Traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SQUIRRELWAFFLE Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL Cert Associated with Lazarus Downloader (JEUSD)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (APT32 METALJACK)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (APT32 METALJACK)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (APT32 METALJACK)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (APT32 METALJACK)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (Buer Loader)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (DiplomatLoader)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (Maldoc CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (Quasar Related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (StrongPity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (StrongPity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (StrongPity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (StrongPity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (StrongPity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (StrongPity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (StrongPity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (StrongPity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (Various Crimeware)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSL/TLS Certificate Observed (WRAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SSV Agent CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Stabuniq Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE StartPage jsp checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE StartPage Userclass HTTP Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Stealbit Variant Data Exfil M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Stealbit Variant Data Exfil M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE StealerNeko CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE StealRat Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Steam Steal0r
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Steam Stealer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SteamStealer Malicious SSL Certificate Detected
ET MALWARE Steganographic Encoded WAV File Inbound via HTTP M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Steganographic Encoded WAV File Inbound via HTTP M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Stobox Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Storm C&C with typo’d User-Agent (Windoss)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE StormKitty Data Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE StormKitty Exfil via AnonFiles
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE StrifeWater Rat CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE StrifeWater RAT CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE STRRAT Initial HTTP Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE STRRAT Requesting License Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Stuxnet index.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Successful Cobalt Strike Shellcode Download (x32)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SunSeed Downloader Retrieving Binary (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SunSeed Download Retrieving Binary
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SunSeed Lua Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SUNSHUTTLE CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Supercharge Component Download (exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Supercharge Component Download (ps1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SuperFish CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE SuperFish CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE SuperSocialat Plugin Backdoor Code Execution Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SupremeLogger CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SUR SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected APT15/NICKEL KETRUM CnC Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected APT32/OceanLotus Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected APT32/Oceanlotus Maldoc CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected APT LuckyMouse BlueTraveller CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Ares Loader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Bizarro Banker Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected DonotGroup Dropper Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected DonotGroup Dropper Telegram API Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Fancy Bear (APT28) Maldoc CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Gamaredon Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Glupteba Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Glupteba Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Gootkit Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected HARDPULSE Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Jupyter Stealer Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Kimsuky Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Lazarus APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Lockscreen Ransomware Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Suspected Malicious VBS Script Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected MuddyWater Related CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Mustang Panda APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Mustang Panda APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected PlugX Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Powershell Empire GET M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Powershell Empire POST M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Praying Mantis Threat Actor Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected PULSECHECK Webshell Access Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected REDCURL CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected REDCURL CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected SandCat Related Communication (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Sidewinder Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Sidewinder APT Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected TeamTNT Linux Miner Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Tunna Proxy M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Tunna Proxy M1 (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Tunna Proxy M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Tunna Proxy M2 (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Tunna Proxy M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Tunna Proxy M3 (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Tunna Proxy M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Tunna Proxy M4 (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected USBFERRY CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Win32/Hancitor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Zebrocy Downloader Traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspected Zebrocy Implant CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious Accept-Language HTTP Header zh-cn likely Kernelbot/Conficker Trojan Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious bot.exe Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious Domain (judgebryantweekes .com) in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Suspicious Domain (lawyeryouwant .com) in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Suspicious Download Setup_ exe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious Fake Opera 10 User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious flash_player.exe Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE SUSPICIOUS UA (iexplore)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious UA Mozilla / 4.0
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious User-Agent (Asteria md5)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious User-Agent build - possibly Delf/Troxen/Zema
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious user-agent (f**king)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious User-Agent (GenericHttp/VER_STR_COMMA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious User-Agent - Matcash related Trojan Downloader (Ismazo Advanced Loader)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious User-Agent MyAgrent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious User-Agent (Post)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious user agent (V32)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious User-Agent (WindowsNT) With No Separating Space
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Swizzor-based Downloader - Invalid User-Agent (Mozilla/4.0 (compatible MSIE 7.0 na .NET CLR 2.0.50727 .NET CLR 3.0.4506.2152 .NET CLR 3.5.30729))
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Swizzor Checkin (kgen_up)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Syrutrk/Gibon/Bredolab Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Sysget/HelloBridge HTTP GET CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE sysrv.ELF Exploit Success Payload Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE System Progressive Detection FakeAV (AMD)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE System Progressive Detection FakeAV (AuthenticAMD)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE System Progressive Detection FakeAV (GenuineIntel)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE System Progressive Detection FakeAV (INTEL)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA402/Molerats CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA402/Molerats CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA402/Molerats External IP Lookup Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA402/Molerats Payload Downloaded
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA402/Molerats Pierogi Backdoor Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA402/Molerats Pierogi CnC Activity (Upload)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA402/Molerats Related VBS Retrieval
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA408 Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA421/YTTRIUM/APT29 TLS Certificate M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA421/YTTRIUM/APT29 TLS Certificate M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA421/YTTRIUM/APT29 TLS Certificate M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA450 GRAMDOOR Telegram CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA450 Nagual CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA450 Nagual/STARWHALE Beacon Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA450 Nagual/STARWHALE GoLang Beacon Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA453 ClumsyCover Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA453 ClumsyCover Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA453 Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA471 Malicious AutoIT File Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA471/UNC2589 Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TA505 P2P CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TABMSGSQL/Sluegot.C Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Taidoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Taidoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Targeted Activity - CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tatanga/Win32.Kexject.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Taurus Stealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Taurus Stealer CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TDSServ or Tidserv variant Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TDSS/TDL/Alureon MBR rootkit Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TDTESS Backdoor User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TeamBot CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TeamTNT Gattling Gun AWS Creds Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TeleBots BCS-server CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE TeleBots BCS-server User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TeleBots VBS Backdoor CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE TeleBots VBS Backdoor CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE TellYouThePass Ransomware Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Tendrit CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Tendrit CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Terse Upload to Free Image Hosting Provider (uploads .im) - Likely Malware
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [TGI] Cobalt Strike Malleable C2 Request (O365 Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE [TGI] Cobalt Strike Malleable C2 Request (YouTube Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE [TGI] Cobalt Strike Malleable C2 Response (O365 Profile) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE [TGI] Cobalt Strike Malleable C2 Response (YouTube Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE [TGI] Py.Machete HTTP CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Theoreon.com Related Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tibs Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tibs/Harnig Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tibs Trojan Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TickGroup ABK Backdoor CnC Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TickGroup BROLER.F CnC Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TickGroup Datper CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TickGroup Datper CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TickGroup Datper CnC Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tick Group Payload - Reporting Error to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tick Group Payload - Submitting Encrypted Data to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tinba Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TinyTurla CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tonto_SPM Backdoor CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tordal/Hancitor/Chanitor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Torpig Reporting User Activity (wur8)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Torpig Reporting User Activity (x25)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tortoiseshell/HMH Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Tortoiseshell/SysKit CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Towerweb Ransomware Landing Page
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE TransparentTribe APT Maldoc CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trickbot Checkin Response
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Trickbot Payload Request
Description
Trickbot is a modular Trojan That was initially developed as a banking Trojan in 2016. Trickbot has evolved into a complex, modular framework, which can also operate as a dropper for follow-up malware, such as Ryuk and/or various post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types.
Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. Trickbot is rapidly updated with new modules that provide the malware with additional capabilities. These modules include capabilities, such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.
Recommendation
Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE TrickBot Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TripleNine RAT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Agent.AIXD Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.BackDoor-DRV.gen.c Reporting-1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Banker.Win32.Agent Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Bayrob Keepalive
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.BlackRev Botnet Command Request CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Trojan.BlackRev Botnet Monitor Request CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Trojan.BlackRev Download Executable
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.BlackRev Get Command Rev3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.BlackRev Registering Client
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.BlackRev Registration Rev3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.BlackRev V1.Botnet HTTP Login POST Flood Traffic Outbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Dirtjump Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan Downloader.Bancos Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan Downloader GetBooks UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan Downloader User-Agent BGroom
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan Downloader User-Agent (NOPE)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan Downloader User-Agent (Tiny)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Downloader.Win32.AutoIt.mj Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Downloader Win32.Genome.AV
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanDownloader Win32/Harnig.gen-P Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Dropper.Delf Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Dropper.MSIL CnC Traffic - POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Dropper.Win32.Agent.ksja
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Dropper.Win32.StartPage.dvm or Mebromi Bios Rootkit CnC Count Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Dropper.Win32.Sysn.cdjy CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.FakeMS Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Generic.5325921 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan Generic - POST To gate.php with no accept headers
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan Generic - POST To gate.php with no referer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan Internet Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.JS.Agent.dwz Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.JS.QLP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Kwampirs Outbound GET request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan/MSIL.bfsx Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan/MSIL.DOTHETUK CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.NSIS.Comame.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Nurjax Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Nurjax Downloading PE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Nurjax Retrieving Domains via JS
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Ransom.Win32.Blocker.dham Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan Related Lame Updater User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger.acqh User-Agent(EMSFRTCBVD)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(bugmaal)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(DEMO)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(DEMOMAKE)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(DSMBVCTFRE)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(FMBVDFRESCT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(folderwin)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(MBESCVDFRT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(nento)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(sendFile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(smaal)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(TCBFRVDEMS)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(UPHTTP)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(vbusers)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Spy.Win32.KeyLogger.acuj Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan-Spy.Win32.Zbot.qgxi Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Verblecon User Agent Observed
Description
This detection identifies malware related activity using Rapid7’s Network Traffic Analysis sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.A.FakeAV Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.Antavmu.guw Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.Buzus Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.Codenox.gyezu CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.Cosmu.xet CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Trojan/Win32.FraudPack User-Agent (Downloader MLR 1.0.0)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.Genome.aetqe Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.Jorik.Totem.vg HTTP request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.Qadars Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.VB.cefz Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.VBKrypt.cugq/Umbra Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TROJAN Win32-WebSec Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trojan.Win32.Yakes.pwo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TROJ_PROX.AFV POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Troj/ReRol.A Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Troj/ReRol.A Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Troxen Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrueBot/Silence.Downloader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TrueBot/Silence.Downloader Keep-Alive
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Trustezeb Checkin to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TSPY_BANKER.IDV/Infostealer.Bancos Module Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ttint XORed CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TURLA APT CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Turla Kopiluwak User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TURLA NETFLASH CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE TwoFace WebShell Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Umbra/Multibot Loader User-Agent (umbra)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Umbra/MultiBot Plugin access
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unattributed WebShell Access - Command Execution
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unattributed WebShell Access - File Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE UNC2628 BEACON Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE UNC2628 Malicious MSHTA Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unicorn Stealer Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unk.CoinMiner Loader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Unk.DPRK MalDoc SysInfo CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown Actor Targeting Minority Groups Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown Actor Targeting Minority Groups Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown Actor Targeting Minority Groups CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown Chinese Threat Actor Malicious Redirect Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown DPRK Threat Actor Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown - Loader - Check .exe Updated
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown Mailer CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Unknown Possibly Ransomware (Dropped by RIG) CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Unknown Rootkit Checkin Activity (getSystemInfo)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown Rootkit Download Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown Trojan with Fake Java User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown VBScript Loader with Encoded PowerShell Execution Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unknown Webserver Backdoor
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unk.PSAttack Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unk.VBSLoader Retrieving Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unk.VBSLoader Retrieving Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Unruy Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Upatre Binary Download Jan 02 2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Upatre Common URI Struct Dec 01 2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Upatre Common URI Struct Feb 12 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Upatre Common URI Struct July 15 2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Upatre Downloader 2p (Zeus) May 07 2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Upatre External IP Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Upatre User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE UPDATE Protocol Trojan Communication detected on non-http ports 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE URI Struct Observed in Pawn Storm CVE-2015-2950
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Urlzone/Bebloh/Bublik Checkin /was/uid.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Urlzone/Bebloh/Bublik Checkin /was/vas.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Urlzone/Bebloh Trojan Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Uroburos/Turla CnC (OUTBOUND) 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Uroburos/Turla CnC (OUTBOUND) 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursa Loader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursnif Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursnif Payload Request (cook32.rar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursnif Payload Request (cook64.rar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursnif Payload Request (grab32.rar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursnif Payload Request (grab64.rar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursnif Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ursnif Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ursnif Variant CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ursnif Variant CnC Beacon 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursnif Variant CnC Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursnif Variant Retrieving Payload (x32)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ursnif Variant Retrieving Payload (x64)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE User-Agent in Referer Field - Likely Malware
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE User-Agent (Visbot)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE User-Agent (Xmaker)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Variant.Kazy.174106 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Variant.Strictor Dropper
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Variant.Zusy.45802 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Various Malicious AlphaNum DL Feb 10 2016
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Vawtrak HTTP CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Vawtrak/NeverQuest Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vawtrak/NeverQuest CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Vawtrak/NeverQuest - Post Data Form 01
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vawtrak/NeverQuest Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vawtrak/NeverQuest Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vawtrak/NeverQuest Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vawtrak/NeverQuest Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vawtrak/NeverQuest Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vawtrak/NeverQuest Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vawtrak/NeverQuest Posting Data 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VBA/TrojanDownloader.Agent.PAC Retreiving Malicious VBScript
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VBKlip/ClipBanker.P Status Update
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VBS.ARS Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VBS/Dojos Downloader Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VBS/TrojanDownloader.Agent.SEB Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VBS/TrojanDownloader.Agent.SEB Keep-Alive
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VBS/TrojanDownloader.Agent.SEB Reporting Network Info
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VBS/Wimmie.A Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VBulletin Backdoor C2 URI Structure
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VBulletin Backdoor CMD inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VenusLocker Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VenusLocker Associated User-Agent Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vicious Panda CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vidar/Arkei Stealer Client Data Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VikroStealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VikroStealer Retrieving Config
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ViperSoftX CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ViperSoftX CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VirTool.Win32/VBInject.gen!DM Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Virtumod/Agent.ufv/Virtumonde Get Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Virtumonde Variant Reporting to Controller via HTTP (3)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Virusremover2008.com Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Virut Counter/Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Virut Family GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vobfus Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VoidRay Downloader CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Volatile Cedar Win32.Explosive Fake User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Volatile Cedar Win32.Explosive HTTP CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Volatile Cedar Win32.Explosive HTTP CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Volex - OceanLotus JavaScript Load (connect.js)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE VPNFilter htpx Module C2 Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE vSkimmer.PoS Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Vundo User-Agent Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W2KM_BARTALEX August 11 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W2KM_BARTALEX Downloading Payload 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W2KM_BARTALEX Downloading Payload M2 (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/118GotYourNo Reporting to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/24x7Help.ScareWare CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Adrom.Backdoor CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Agent.XXZBEN Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Alina.POS-Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Alina.POS-Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/AntiBreach Possible Activation Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Antifulai.APT CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Antifulai.APT CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Antifulai.APT CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Antifulai.APT CnC Beacon 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Armageddon CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Asprox.Bot Knock Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Asprox.ClickFraudBot CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Asprox.ClickFraudBot CnC Beacon Acknowledgement
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Asprox.ClickFraudBot POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Asprox CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Asprox.FakeAV Affiliate Second Stage Download Location Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Asprox Passgrub POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Asprox php.dll.crp POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Backdoor.BlackMonay Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Badur.Spy User Agent lawl
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32 Bamital or Backdoor.Win32.Shiz CnC Communication
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/BaneChant.APT Data Exfiltration POST to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/BaneChant.APT Initial CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/BaneChant.APT Winword.pkg Redirect
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Banload.VZS Banker POST CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Banload.VZS Banker POST CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Bapy.Downloader PE Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Beebus HTTP POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32.Berbew Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Bilakip.A Downloader API Ping CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Bilakip.A Downloader Viruslist Download For Populating FakeAV
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Bingoml!tr CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/BlackEnergy Dirconf CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32.Blackshades/Shadesrat Backdoor CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Bravix.Dropper CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Briba CnC POST Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Caphaw CnC Configuration File Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Caphaw Requesting Additional Modules From CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Citadel.Arx Varient CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Citadel Conf.bin Download From CnC Server
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Citadel Content.php CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Citadel Download From CnC Server /files/ attachment
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Citadel File.php CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Citadel Infection or Config URL Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Citadel Pro File.php CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Coced.PasswordStealer User-Agent 5.0
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Coinminer.Backdoor CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE W32/Dadobra.Downloader/DNSChanger Dnsmake CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32.Daws/Sanny CnC Initial Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/DelfInject.A CnC Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Depyot.Downloader CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Dexter Infostealer CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/DirCrypt.Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE W32/DownloaderAgent.fajk Second Stage Download List Requested
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/DownloaderAgent.fajk Successful Infection CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Downloader.FakeFlashPlayer Status.Php CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Downloader.Mevade.FBV CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Downloader Secondary Download Request - W32/Hupigon.Backdoor Likely Secondary Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32.Downloader Tibs.jy Reporting to C&C (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Downloader_x.EJK!tr CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Downvision.A Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32.Dreambot File Upload (No Data Sent)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Dridex Binary Download Mar 23 2016
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Dridex POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Echmark CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Echmark/MarkiRAT CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Echmark/MarkiRAT CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Echmark/MarkiRAT CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Emotet CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Emotet CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Emotet CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Emotet Empty CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Emotet.v4 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/FakeAlert Fake Security Tool Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32.FakeEzQ.kr Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Farfli.BHQ!tr Dropper CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Farfli.BHQ!tr Dropper CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Ferret DDOS Bot CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Fin4.InfoStealer Uploading User Credentials CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/FloatingCloud.Banker CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Fsysna.Downloader CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Fullstuff Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Gagolino Banking Trojan Reporting to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/GamesForum.InfoStealer Reporting to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/GameThief Initial CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Gaudox Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/GCman.Backdoor CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32.Geodo/Emotet Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32.Geodo/Emotet Checkin Fake 404 Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Goolbot.E Checkin UA Detected iamx
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/HelloBridge.Backdoor Login CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/HelloBridge.Backdoor Register CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Hesperus.Banker Nlog.php Variant Sending Data To CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Hesperus.Banker Tr-mail Variant Sending Data To CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Hicrazyk.A Downloader Install CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Hupigon.B User Agent TSDownload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Hyteod.Downloader CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/InstallMonster.Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Iyus.H Initial CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Iyus.H work_troy.php CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Karagany.Downloader CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Kazy.325252 Variant CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Kazy.325252 Variant CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Kazy User-Agent (Windows NT 5.1 ; v.) space infront of semi-colon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Kbot.Backdoor Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Ke3chang.BMW.APT Campaign CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Ke3chang.Dream.APT Campaign CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Ke3chang.MovieStar.APT Campaign CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Ke3chang.MyWeb.APT Campaign CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Ke3chang.MyWeb.APT Eourdegh Campaign CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Ke3chang.Snake.APT Campaign CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/KeyLogger.ACQH!tr Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Kimsuky Sending Encrypted System Information to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Koobface Variant Checkin Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Lalus Trojan Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Lalus Trojan Downloader User Agent (Message Center)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/LetsGo.APT Sleep CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Lici Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Liftoh.Downloader Feed404 CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Liftoh.Downloader Get Final Payload Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Liftoh.Downloader Images CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Lile.A DoS Outbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/LockscreenBEI.Scareware Cnc Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Madness Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Mepaow.Backdoor Initial Checkin to Intermediary Pre-CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Mevade.Variant CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Mnless Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32.Nemim Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/NetShare User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32.Netwire Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Neverquest.InfoStealer Configuration Request CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Nolja Trojan Downloader Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Nolja Trojan User-Agent (FileNolja)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Numnet.Downloader CnC Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Numnet.Downloader CnC Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Nutiliers.A Downloader CnC Checkin - Request Encrypted Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Nymaim Checkin (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Patchwork.Backdoor CnC Check-in M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Patchwork.Backdoor Communicating with CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Pgift.Backdoor APT CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/PointOfSales.Misc CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/PointOfSales.Misc CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Pterodo.CL CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Pterodo CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32.Qakbot Request for Compromised FTP Sites
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32.Qakbot Update Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32.Qakbot Webpage Infection Routine POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Quasar 1.3/Venom RAT Connectivity Check 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Renos.Downloader User Agent zeroup
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Rovnix Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Rshot.Backdoor File Upload CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Safe User Agent Fantasia
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Scar Downloader Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/SecVerif.Downloader Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/SecVerif.Downloader Second Stage Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/ServStart.Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Siggen.Dropper CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Skintrim CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Snojan.BNQKZQH CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Snojan.BNQKZQH User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/SPARS/ARS Stealer Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/SpeedingUpMyPC.Rootkit CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/SpeedingUpMyPC.Rootkit Install CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/SpeedingUpMyPC.Rootkit Successful Install GET Type CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Spy.KeyLogger.OCI CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/StartPage.eba Dropper Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/StealRat.SpamBot Email Template Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Symmi.46846 CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Symmi Remote File Injector Initial CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Syndicasec.Backdoor CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Taidoor.Backdoor CnC Checkin With Default Substitute MAC Address Field
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/TCYWin.Downloader User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Threebyte.APT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Tobfy.Ransomware CnC Request - status.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE W32/Tobfy.Ransomware Invalid URI CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE W32/TRCrypt.ULPM Downloader CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Trickbot C2 (networkDll module)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/TrojanSpy.MSIL Fetch Header CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/TrojanSpy.MSIL Fetch Time CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/TrojanSpy.MSIL Get New MAC CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/TrojanSpy.MSIL Set Done Day CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Trustezeb.C CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/UltimateDefender.FakeAV Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Upatre.Downloader Encoded Binary Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/VBS.SLoad.Backdoor Initial Base64 Encoded OK Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Virus-Encoder Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE W32/VPEYE Trojan Downloader User-Agent (VP-EYE Downloader)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Vundo.Downloader Reporting User Website Session Information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Wadolin.Downloader CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE W32/Waterspout.APT Backdoor CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Witch.3FA0!tr CnC Actiivty
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Witch.3FA0!tr CnC Actiivty M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Witch.3FA0!tr CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Woai.Dropper Config Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Zbot.InfoStealer WindowsUpdate Connectivity Check With Opera UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Zbot.Variant CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Zbot.Variant Fake MSIE 6.0 UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Zemra.DDoS.Bot Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE W32/Zeus.BitcoinMiner Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE W32/Zeus.InfoStealer Infection Campaign Heap.exe Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Zeus.InfoStealer Infection Campaign Wav.exe Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE W32/Zzinfor.A Retrieving Instructions From CnC Server
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Waledac Beacon Traffic Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Waledac FACEPUNCH Traffic Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WARP Win32/Barkiofork.A
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WaterDropX PRISM CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WaterDropX PRISM CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WBK Download from dotted-quad Host
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WEBC2-CLOVER Checkin APT1 Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WEBC2-CLOVER Download UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WEBC2-CSON Checkin - APT1 Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WEBC2-DIV UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WEBC2-RAVE UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WEBC2-TABLE Checkin 1 - APT1 Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WEBC2-TABLE Checkin 2 - APT1 Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WEBC2-TABLE Checkin 3 - APT1 Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WEBC2-UGX User-Agent (Windows+NT+5.x) APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Webshell Access with Known Password Inbound - Possibly Iran-based
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Server Software Component - T1505
ET MALWARE Webshell Execute Command Inbound - Possibly Iran-based M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Server Software Component - T1505
ET MALWARE Webshell Landing Outbound - Possibly Iran-based
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Server Software Component - T1505
ET MALWARE Webshell Upload Command Inbound - Possibly Iran-based
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Server Software Component - T1505
ET MALWARE Wide HTA with PowerShell Execution Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/44Caliber Stealer Discord Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/44Caliber Stealer Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/7ev3n Ransomware Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/7ev3n Ransomware Process Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Adware.Agent.NSU CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Agent.AAIB Variant CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Agent.ACBD CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Agent.cyt (Or variant) HTTP POST Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Agent.pt User-Agent Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AgentTesla Variant Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Agent.UWW Variant Activity (Retrieving Commands)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Agent.UWW Variant Activity (Sending System Information)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Agent.WMN CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Agent.WVW CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Agent.WVW CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Agent.WVW CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Agent.XST Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Agent.XST/UP007 Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Alpha Stealer v1.5 PWS Exfil via HTTP
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Androm.gnlb Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AnteFrigus Ransomware Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Arkei Stealer CnC Checkin (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Arkei Stealer CnC Checkin (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ArmyOfUkraine Bot Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ArtraDownloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ArtraDownloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ASPC Bot CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ASPC Bot CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ASPC Bot CnC Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Aura Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/AutoIt.NU Miner Dropper CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Autophyte.F C2 Domain (tpddata .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Autophyte.F C2 Domain (www .anlway .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Autophyte.F C2 Domain (www .ap8898 .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Autophyte.F C2 Domain (www .apshenyihl .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Avaddon Ransomware Style External IP Address Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/AZORult V3.2 Client Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M10
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M11
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M12
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M13
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M14
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M15
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M16
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M17
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M18
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M19
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M20
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M21
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M22
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M23
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M24
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M7
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M8
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.2 Client Checkin M9
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M10
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M11
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M12
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M13
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M14
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M15
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M16
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M17
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M18
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M19
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M20
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M21
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M22
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M23
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M24
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M7
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M8
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/AZORult V3.3 Client Checkin M9
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Backdoor.Agent.qweydh CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Backdoor.Agent.qweydh CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Backdoor.Agent.qweydh CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Backdoor.Daxin CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Backdoor.Dripion External IP Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Backdoor.Dripion HTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Backdoor.Graphon Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Backdoor.Randrew.A CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Backdoor.Small.ao CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Backdoor.YesMaster CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Bancos.AMM CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Bancos URL Structure
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Banker.bqba Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Banload.BTQP Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Banload.BTQP Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/BanloadDownloader.XZY Retrieving Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/BazarLoader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Beapy/Lemon_Duck CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Beaugrit.gen.AAAA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Bicololo Response 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Bicololo Response 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Bisonal Backdoor CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Bisonal CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Bisonal RC4 Encrypted 8 Byte Static CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Blackbeard Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/BlackNET CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/BlackNET CnC Keep-Alive
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/BlackNET CnC Requesting Command
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/BLUELIGHT OAuth Login Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/BLUELIGHT OAuth Login Attempt M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Bot.Sezin CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Braincrypt Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/CandyOpen/UniClient Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CandyOpen/UniClient Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Chekafe.A or Related Infection Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Chinad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Chinad Retrieving Config
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CHIP Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Chopstick Checkin (APT28 Related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Chroject.B ClickFraud Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Chroject.B Requesting ClickFraud Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Chroject.B Retrieving encoded payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ClipBanker.OC CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ClipBanker.OC CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32 Cloaker Related Post Infection Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Colibri Loader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Colibri Loader Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Colibri Loader Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CollectorStealer CnC Exfil M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CollectorStealer CnC Exfil M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CollectorStealer - Uploading System Information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Comisproc Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Comotor.A!dll Reporting 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CONFUCIUS_B CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CONFUCIUS_B External IP Check to CnC M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/COOKIEBAG Cookie APT1 Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CopperStealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CopperStealer CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CopperStealer CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CopperStealer Installer Started
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Coreshell Checkin (APT28 Related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Cridex Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Crypren/Zcrypt Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/CryptFile2 Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/CryptFile2 Ransomware Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/CryptFile2 / Revenge Ransomware Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/CryptInject.BE!MTB Stealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Crypt.nc Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Cryptrun.B Connectivity check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Cryptrun.B/MSUpdater C&C traffic 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/CryPy Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/CryPy Ransomware Encrypting File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/DanaBot Harvesting Email Addresses 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/DanaBot Harvesting Email Addresses 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/DanijBot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/DanijBot CnC Task Status
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/DanijBot User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/DarkRAT CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/DarkWatchman Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/DarkWatchman Checkin Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Datamaikon Checkin myAgent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Datper CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/DCRat CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Delf.TJJ Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32 Dialer Variant
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Dipverdle.A Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/DMA Locker CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Dofoil.L Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Dorv Stealer Exfiltrating Data to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/DownloadAdmin Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Downloader.Small.BIL CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Drun Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Dynamer Trojan Dropper User-Agent VB Http
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emold.C Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet.C Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Activity (POST) M11
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Activity (POST) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Activity (POST) M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Activity (POST) M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Activity (POST) M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Activity (POST) M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Activity (POST) M7
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Activity (POST) M8
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Activity (POST) M9
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Checkin (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet CnC Checkin Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Emotet HTML Template Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Enchanim Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Enchanim Process List Dump
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Enemyfear Stealer Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Enosch.A gtalk connectivity check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Eris Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Expiro.CD Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Fake Anti-Pegasus AV CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.FakeAV.chhq Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.FakeAV POST datan.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.FakeAV.Rean Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/FakeSysdef Rogue AV Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/FakeXPA Checkin URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Fareit.A/Pony Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Fareit.A/Pony Downloader Checkin (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Fareit Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Fareit Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Final1stspy CnC Checkin (Reaper/APT37 Stage 1 Payload)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Fireball Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Fluxer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Formgrabber Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Fosniw CnC Checkin Style 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Fosniw MacTryCnt CnC Style Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Fujacks Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Fujacks Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/GandCrab Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/GandCrab Ransomware CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Gasti.tm Checkin Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Gatak Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Gatak.DR Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Gatak.DR Payload Instructions
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/GenKryptik.FKJZ CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Genome Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Geodo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Girostat Stealer (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Glupteba/ClIEcker CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/GrandaMisha Sending System Information (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Grimagent CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Hancitor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.HLLW.Autoruner USA_Load UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Htbot.B Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Hupigon.dkwt Related Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/HydraCrypt CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/HydraCrypt CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Hyteod CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/IcedID Request Cookie
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/IcedID Requesting Encoded Binary M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/IcedID Requesting Encoded Binary M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/IcedID WebSocket Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Infostealer.Snifula File Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/InfoTester Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Injector.BXEW Variant HTTP CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Injector.BXEW Variant HTTP CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Injector.BXEW Variant HTTP CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Injector.DSQR CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Injector.ULH CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Ispen BADNEWS CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Ispen BADNEWS Fake User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Jackpot Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32.Jadtre Retrieving Cfg File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/JSWORM Ransomware Style Geo IP Check M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/JSWORM Ransomware Style Geo IP Check M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Kaicone.A Checkin via HTTP POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Kazy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Keatep.B Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kelihos.F Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kelihos.F exe Download 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Ketrican CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Koubbeh Sending Windows System Info
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WIN32/KOVTER.B Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kribat-A Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kryptik.BSYO Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kryptik.BSYO Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kryptik.FVVZ Variant CnC Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kryptik.HCZR Variant Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kryptik.HMCH Dropper User-Agent M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kryptik.HMCH Dropper User-Agent M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kryptik.HMCH Dropper User-Agent M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kryptik.HMCH Dropper User-Agent M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kryptik.HNBU CryptoMiner - GetTasks Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kryptik.HNBU CryptoMiner - Report Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Krypton Stealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Kuluoz.B Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Lager Trojan Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Lager Trojan Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Lager Trojan Reporting (gcu)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Laturo Stealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Limbozar Ransomware Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/LNK/Agent.GX Javascript Downloader M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/LNK/Agent.GX Javascript Downloader M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/LockScreen.BW Payment Info
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/LockScreen.BW Payment Info 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/LockScreen CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/LockScreen CnC HTTP Pattern
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/LODEINFO CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/LODEINFO v0.3.5 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/LODEINFO v0.3.6 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/LODEINFO v0.4.x CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/MailerBot CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Malgent!MSR Dropper Requesting Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Malgent!MSR User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Matsnu.L Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Meredrop Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/MereTam.A Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/MereTam.A Ransomware CnC Init Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Mingloa CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Mole Ransomware CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/MOOZ.THCCABO CoinMiner CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Win32.MSUpdater C&C traffic GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Namsoth.A Checkin/NEWSREELS APT1 Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Napolar.A Getting URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Necurs
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Necurs Common POST Header Structure
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Neshta.A Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Neurevt.A/Betabot checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Neutrino Bot Fake 404 Checkin Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Neutrino CC dump
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Neutrino Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Neutrino Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Neutrino Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Neutrino Checkin 6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Neutrino Cookie
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Neutrino ping
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/NitroStealer CnC Exfil M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/NitroStealer/exoStub CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Nivdort Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Nivdort Posting Data 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Nubjub.A HTTP Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Nuclear Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Oliga Fake User Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/OnLineGames GetMyIP Style Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Onliner CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Onliner Mailer Module Communicating with CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Onliner Receiving Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Onliner Requesting Additional Modules
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Pamesg/ArchSMS.HL CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.PEx.Delphi.1151005043 Post-infection Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Phorpiex CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pift Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pift Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PivNoxy CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PlagueBot User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Ponmocup.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Pony Variant FOX Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pottieq.A Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Poweliks.A Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Poweliks GET Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Predator Variant Dropper Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pripyat Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PrivateLoader Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ProtonBot CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ProtonBot Stealer Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Protux.B POST checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PSW.Agent.OIN CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PSW.Agent.OMP Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PSW.Papras.CK file upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PSW.QQPass.OZV Variant Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PSW.WOW.NLZ CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pteranodon CnC Exfil (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pteranodon CnC Exfil (POST) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pterodo Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pterodo Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pterodo Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pterodo Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pterodo CnC Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pterodo CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pterodo CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pterodo CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pterodo.NG Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PurpleFox Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PurpleFox Retrieving File (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PurpleWave Stealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PurpleWave Stealer CnC Exfil M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/PurpleWave Stealer Requesting Config
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Pykspa.C Public IP Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Qbot CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Qbot/Quakbot Downloader - Requesting Secondary Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer Checkin M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (autopartslarry .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (companyllc .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (finalcountdown .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (followmeasap13 .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (gogowormdealer .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (habbybearshop .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (heroofthe .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (hitfromthebong .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (letsmakesome .fun)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (lifemaindecision .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (mansizeprofile .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (mariofart8 .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (mydrinksare .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (mynameisgarfield .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (nameyourcatlikeshedeserved .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (nyqualitypizza .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (onthewire1 .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (perfectscenario .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (pleaseletmesleep .fun)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (return2monkey .fun)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (rpirpiwhyyouleaveyourhorse .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (seattlecarwash .fun)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (shehootastayonwhatshelirned .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (simsimsalabim .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (teastycandycoffe .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (thelegendofberia .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (thereisnoscheme .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (videomart .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (youaresoslow .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (youcanfindmeonthe .top)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Radonskra.B C2 Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Ramsay CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Rarog Stealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Rarog Stealer CnC Keep-Alive
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Razy.azv Downloading Content
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/RCAP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Reconyc.equo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Redyms.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Renos/Artro Trojan Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Retadup CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Retadup CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Retadup Success Response from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Riberow.A (fsize)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Riberow.A (listdir)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Riberow.A (mkdir)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Riberow.A (postit3)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Rioselx.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/RiskWare.YouXun.AD CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/RocketX Stealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Rodecap CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Rodecap/Travle/PYLOT CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Roficor.A (Darkhotel) Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Rovnix.I Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Rovnix.J Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Ruckguv.A Requesting Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Runner/Bublik Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sabsik Config Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sabsik.FL.B!ml CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Sality-GR Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Sality-GR Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Sality User-Agent (DEBUT.TMP)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/SandCat CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sarwent Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sarwent Initial Checkin CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sarwent Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Satana Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Scarsi Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Scieron-A Checkin via HTTP POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Scieron-A UA (HTClient)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sefnit Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sehyioa Variant Activity (Download)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sehyioa Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Shiz.fxm/Agent-TBT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sinresby.B Downloader CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sisproc Variant POST to CnC Server
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Sisron/BackDoor.Cybergate.1 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Sluegot.A Checkin WEBC2-YAHOO APT1 Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Small.AB or related Post-infection checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Small.qh/xSock User-Agent Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Small.XR Checkin 2 WEBC2-CSON APT1 Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Snatch Ransomware - Encryption Finished
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Snatch Ransomware - Encryption Started
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/SodaMaster domain observed in TLS SNI (www . rare-coisns. com)
ET MALWARE Win32/Spectre Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Spy.Agent.QAQ Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Spy.Banker.AAQD Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Spy.Banker.AAXV Retrieving key from Pinterest
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Spy.Banker.ABCG Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Spy.Banker.ACUT CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.SpyEyes.bllw CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Spy.KeyLogger.ODN Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Spy.Odlanor CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Spy.Pavica.FH Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Spy.Socelars.S CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Spy.Socelars.S CnC Activity M4 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Spy.Tuscas
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Spy/TVRat Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/StoredBt.A Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/StreamFlaw.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Swizzor User-Agent (Swizz03r)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Swrort.A Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Swrort.A Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TaskPerformer Downloader CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Tdss User Agent Detected (Mozzila)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Tesch.B CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Teslacrypt Ransomware HTTP CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Teslacrypt Ransomware HTTP CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Tflower Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Win32/Tiggre Variant Activity Sending System Files (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TinyNuke CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Tnega Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Tobfy.S
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Toby.N Multilocker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Toby.N Multilocker Image Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Toby.N Multilocker Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Tofsee Connectivity Check M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Tofsee Connectivity Check M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Tosct.B UA Mandiant APT1 Related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trapwot FakeAV Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trapwot FakeAV Post Infection CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Travnet.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.TreasureHunter Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TrickBot Anchor Variant Style External IP Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TrickBot CnC Initial Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trickbot Data Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trickbot Data Exfiltration M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trickbot Data Exfiltration M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trickbot Data Exfiltration M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TrickBot maserv Module CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TrickBot maserv Module Command
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Agent.AXMO CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Trojan.Agent.FSTT CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Trojan.Agent.U3D7V0 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TrojanDownloader.Agent.FC CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TrojanDownloader.Chekafe.D User-Agent my_check_data On Off HTTP Port
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TrojanDownloader.Delf.BVP Win32/BioData CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/TrojanDownloader.Delf.BXC CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/TrojanDownloader.Small.AWO CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TrojanDownloader.Waski.F Locker DL URI Struct Jul 25 2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M10
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M7
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M8
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M9
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/TrojanProxy.JpiProx.B CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/TrojanProxy.JpiProx.B CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32/Trojan.Valyria.6015 CnC Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Troj.Cidox Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Unk.BrowserStealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Unk.BrowserStealer CnC Keep-Alive
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Unk.BrowserStealer Data Exfil M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Unk.BrowserStealer Data Exfil M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Unk.BrowserStealer Data Exfil M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Unk Downloader CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Unk.Joia CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Unk.VBScript Requesting Instruction from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Urausy.C Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Urausy.C Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Urausy.C Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Urausy.C Checkin 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Ursnif Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Usteal.B Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Uwamson Variant Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Valak - Plugin Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Valak - Stage 2 - Response - Plugin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Valak - Stage 2 - Response - Task
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Valak <v20 Checkin - Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Valak <v9 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Valak <v9 - Stage 2 - Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Valak Variant CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Variant.Zusy.402698 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.VBKrypt.vquj Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.VB.tdq - Fake User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Vermilion Stager Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Vermilion Stager Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Vflooder.C Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Vilsel Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Virut.BN Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.Virut - GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/ViSystem CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Voltron/Spectre Stealer Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Voltron/Spectre Stealer CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Voltron/Spectre Stealer Download Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Voltron/Spectre Stealer Sending OS Information (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Vools Variant CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Vundo.OD Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Webdor.NAC Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Winshow User Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/X-Files Stealer Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Xtrat.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Ymacco.AA1C Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Ymacco.AA67 CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.YordanyanActiveAgent CnC Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32.YordanyanActiveAgent Generic CnC Pattern
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Zacom.A CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Win32.Zbot.ivgw Downloading EXE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Zemot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Zemot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Zemot Config Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Zemot Requesting PE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Zemot Requesting PE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Zemot URI Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win32/Zeprox.B Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win64/Agent.NL Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win64/Havex Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win64/TrojanDownloader.Age Download Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win64/Vabushky.A Malicious driver download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WindowsEnterpriseSuite FakeAV check-in GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WindowsEnterpriseSuite FakeAV get_product_domains.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WindowsEnterpriseSuite FakeAV Reporting via POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Windows Executable Downloaded With Image Content-Type Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Windows Executable Sent When Remote Host Claims to Send a RAR Archive
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Winquickupdates.com/Mycashloads.com Related Trojan Install Report
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Winsoft.E Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Wintervivern Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Wintervivern Activity (GET) M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Wintervivern Activity M2 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Wintervivern Activity M4 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Wintervivern Activity M5 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Wintervivern Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Wintervivern Retrieving Commands
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Wintervivern Retrieving Task
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Win.Trojan.Chewbacca connectivity check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Wonton-JH Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WooSIP Downloader CnC CreateFolderOnServer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WooSIP Downloader CnC DeleteFileOnServer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WooSIP Downloader CnC WriteMetadataOnServer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Worm.VBS.ayr Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Worm.VBS.ayr CnC command (is-cmd-shell)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Worm.VBS.ayr CnC command (is-enum-driver)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Worm.VBS.ayr CnC command (is-enum-folder)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Worm.VBS.ayr CnC command (is-enum-process)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Worm.VBS.Jenxcus.H User Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WORM_VOBFUS Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WORM_VOBFUS Checkin Generic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WORM_VOBFUS Requesting exe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Worm.Win32.Balucaf.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Worm.Win32.Vobfus Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WRAT Dropper (TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WSF/JS Downloader Jan 30 2017 M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WSHRAT CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WSHRAT Credential Dump Module Download Command Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WSHRAT Keylogger Module Download Command Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WS/JS Downloader Mar 07 2017 M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE WS/JS Downloader Mar 07 2017 M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE X2000M.Agent Checkin Jan 24 2017
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Xbagger Macro Encrypted DL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Xbagger Macro Encrypted DL Jun 13 2016
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE xCaon Embedded Encrypted Command in Webpage
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XcodeGhost CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XcodeGhost CnC M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XDMonitor Checkin Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XDMonitor Sending Debug Messages
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XDUpload Sending File Upload Progress
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XDUpload Sending Screenshot Upload Progress
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XDUpload Uploading Directory Listting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XDUpload Uploading Files
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE X-Files Stealer CnC Exfil Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Xilcter/Zeus related malware dropper reporting in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XLS.Unk DDE rar Drop Attempt (.club)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XLS.Unk DDE rar Drop Attempt (.online)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE X-Malware-Sinkhole Header in HTTP Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE xpsecuritycenter.com Fake AntiVirus GET-Install Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE XPSecurityCenter FakeAV Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Xwo CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Yahoo550.com Related Downloader/Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE YAHOOYLO Stealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Yahoyah CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Yandexbot Request Outbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Search Open Websites/Domains - T1593
ET MALWARE Yayih.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Yayih.A Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Yayih.A Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zacom/NFlog Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zacom/NFlog HTTP POST Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zacom/NFlog HTTP POST Fake UA CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Zalupko/Koceg/Mandaph HTTP Checkin (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zberp receiving config via image file - SET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zbot/Beomok/PSW - HTTP POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zbot CnC GET /lost.dat
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zbot CnC POST /common/timestamps.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zbot CnC POST /common/versions.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zbot download config
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zbot download config - SET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zbot Generic URI/Header Struct .bin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zbot POST Request to C2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zbot UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zbot/Zeus or Related Infection Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zebrocy Backdoor CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zebrocy Screenshot Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zentom FakeAV Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zeoticus Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ZeroAccess Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ZeroAccess/Max++ Rootkit C&C Activity 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ZeroAccess P2P Module v6 Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ZeroLocker Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ZeroLocker Downloading Config
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zeus Bot Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zeus Bot GET to Bing checking Internet connectivity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zeus Bot GET to Google checking Internet connectivity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zeus.Downloader Campaign Second Stage Executable Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zeus.Downloader Campaign Second Stage Executable Request 10/4/2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zeus.Downloader Campaign Unknown Initial CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Zeus GameOver Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zeus POST Request to CnC sk1 and bn1 post parameters
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ZeuS Post to C&C footer.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zeus User-Agent(z00sAgent)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zhelatin npopup Update Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zloader Related Download Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zlob Updating via HTTP
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zlob User Agent (securityinternet)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zlob User Agent - updating (internetsecurity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zlob User Agent - updating (Winlogon)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Zyklon CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Java Client HTTP Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 10.0.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 11.0.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 12.0.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 13.0.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 14.0.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 1.4.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 15.0.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 1.5.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 16.0.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 1.6.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 17.0.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 1.7.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 1.8.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET POLICY Vulnerable Java Version 9.0.x Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7 TEST NTA IDS - rapid7.com/NetworkSensorIDSTest
RAPID7-TIDE Cobalt Strike Default SSL Certificate
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Amazon GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Amazon POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Amazon Server GET Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Amazon Server POST Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Gmail GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Gmail GET Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Gmail POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Gmail POST Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Microsoft Update GET 1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Microsoft Update GET 2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (Microsoft Update GET Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (SafeBrowsing GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (SafeBrowsing POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
RAPID7-TIDE Cobalt Strike Malleable C2 (SafeBrowsing Server Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
SURICATA TLS invalid encrypted heartbeat encountered, possible exploit attempt (heartbleed)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
SURICATA TLS invalid heartbeat encountered, possible exploit attempt (heartbleed)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
SURICATA TLS overflow heartbeat encountered, possible exploit attempt (heartbleed)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.