Suspicious Network Activity - IDS
ET HUNTING Suspicious EXE Download Content-Type image/jpeg
These detections identify suspicious activity from network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor).
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Adobe PKG Download Flowbit Set
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO ARM File Requested via WGET (set)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Flowbit set for POST to Quicken Updater
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO GET Minimal HTTP Headers Flowbit Set
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO IE7UA No Cookie No Referer
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO maas.io Image Download Flowbit Set
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO McAfee AV Download (set)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO McAfee AV Download - Set
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (exe) unset (no exe)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (msi) unset (no exe)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (msp) unset (no exe)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (no .exe)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request to Dotted Quad
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible WinHttpRequest (no .exe)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Symantec Download Flowbit Set
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO User-Agent (wininet)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Windows Update/Microsoft FP Flowbit
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO ZoneAlarm Download Flowbit Set
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (bigtopweb .com)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (infinitysoftwares .com)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (bigtopweb .com in TLS SNI)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (infinitysoftwares .com in TLS SNI)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] PS/PowDesk Checkin (APT34)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 44Calibar Variant Exfil via Telegram
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 44 Caliber Stealer Data Exfil via Discord
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Exfil
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (bigudp)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (dns)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (stop)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (syn)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC)
Description
abuse.ch is a non-profit project that publishes signatures, blocklists and other indicators for common malware families and botnets. This signature matches attributes of the server certificate seen in a TLS handshake against the abuse.ch SSL Blacklist (SSLBL) entry for Zeus (Zbot), a banking trojan; a match means a client in your environment completed a handshake with a server presenting a certificate tied to that family's command-and-control infrastructure. Validation differs between rules, so refer to the corresponding IDS rule and its reference URLs for the exact match criteria.
Recommendation
Review all relevant alerts and pertinent logs for the IP or endpoint in question, and review the reference URLs in the signature for additional context. Confirm the match against the sensor's TLS metadata (the certificate fingerprint, subject and SNI of the flagged session) and check that the destination is not a legitimate service that happens to present the same certificate. If a system has been compromised, rebuild it from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)
Description
abuse.ch is a non-profit project that publishes signatures, blocklists and other indicators for common malware families and botnets. This signature matches the SHA-1 fingerprint of the server certificate seen in a TLS handshake against the abuse.ch SSL Blacklist (SSLBL) entry for Gootkit, a banking trojan and loader; a match means a client in your environment completed a handshake with a server presenting that exact certificate. Validation differs between rules, so refer to the corresponding IDS rule and its reference URLs for the exact match criteria.
Recommendation
Review all relevant alerts and pertinent logs for the IP or endpoint in question, and review the reference URLs in the signature for additional context. Confirm the match against the sensor's TLS metadata (the certificate fingerprint, subject and SNI of the flagged session) and check that the destination is not a legitimate service that happens to present the same certificate. If a system has been compromised, rebuild it from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Likely Shylock/URLzone/Gootkit/Zeus Panda C2)
Description
abuse.ch is a non-profit project that publishes signatures, blocklists and other indicators for common malware families and botnets. This signature matches the SHA-1 fingerprint of the server certificate seen in a TLS handshake against an abuse.ch SSL Blacklist (SSLBL) entry shared by the infrastructure of several banking trojans (Shylock, URLzone, Gootkit and Zeus Panda); the "Likely" in the name means the signature alone cannot tell you which family is on the host, so identify it from the endpoint. Validation differs between rules, so refer to the corresponding IDS rule and its reference URLs for the exact match criteria.
Recommendation
Review all relevant alerts and pertinent logs for the IP or endpoint in question, and review the reference URLs in the signature for additional context. Confirm the match against the sensor's TLS metadata (the certificate fingerprint, subject and SNI of the flagged session) and check that the destination is not a legitimate service that happens to present the same certificate. If a system has been compromised, rebuild it from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)
Description
abuse.ch is a non-profit project that publishes signatures, blocklists and other indicators for common malware families and botnets. This signature matches the SHA-1 fingerprint of the server certificate seen in a TLS handshake against an abuse.ch SSL Blacklist (SSLBL) entry listed generically as malware command-and-control, without a family attribution. Validation differs between rules, so refer to the corresponding IDS rule and its reference URLs for the exact match criteria.
Recommendation
Review all relevant alerts and pertinent logs for the IP or endpoint in question, and review the reference URLs in the signature for additional context. Confirm the match against the sensor's TLS metadata (the certificate fingerprint, subject and SNI of the flagged session) and check that the destination is not a legitimate service that happens to present the same certificate. If a system has been compromised, rebuild it from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
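To validate one of these SSL Blacklist alerts the way the description suggests, the certificate fingerprint the sensor logged for the flagged TLS session can be re-checked against a local copy of the list. The Python below is an added example, not Rapid7 or abuse.ch code. It assumes the blocklist is in the abuse.ch sslblacklist.csv layout (comment lines starting with '#', then Listingdate,SHA1,Listingreason rows) and that TLS metadata is available as Suricata EVE JSON, where tls.fingerprint is the server certificate's SHA-1 as colon-separated hex; the list rows, fingerprints, addresses and events embedded below are constructed for the example and are not real listings.

```python
import hashlib
import json

# Constructed sample in the abuse.ch sslblacklist.csv layout; the
# fingerprints are made up and are not real SSLBL listings.
SSLBL_CSV = """\
# ABUSE.CH SSL Blacklist (constructed sample)
# Listingdate,SHA1,Listingreason
2024-03-01 10:15:00,0f1e2d3c4b5a69788796a5b4c3d2e1f00112233a,Vawtrak C&C
2024-03-02 08:00:00,deadbeefcafef00d0123456789abcdef01234567,Gootkit C&C
"""

# Constructed Suricata EVE JSON: two TLS sessions and the alert the sensor
# raised for the first one. tls.fingerprint is the server cert's SHA-1.
EVE_LINES = """\
{"timestamp":"2024-03-05T12:00:01.000000+0000","event_type":"tls","src_ip":"10.0.5.23","src_port":51544,"dest_ip":"203.0.113.10","dest_port":443,"tls":{"subject":"CN=update.example.invalid","issuer":"CN=update.example.invalid","fingerprint":"0f:1e:2d:3c:4b:5a:69:78:87:96:a5:b4:c3:d2:e1:f0:01:12:23:3a","sni":"update.example.invalid","version":"TLS 1.2"}}
{"timestamp":"2024-03-05T12:00:02.000000+0000","event_type":"tls","src_ip":"10.0.5.24","src_port":51545,"dest_ip":"203.0.113.11","dest_port":443,"tls":{"subject":"CN=www.example.net","issuer":"CN=R3,O=Let's Encrypt","fingerprint":"11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33:44","sni":"www.example.net","version":"TLS 1.3"}}
{"timestamp":"2024-03-05T12:00:03.000000+0000","event_type":"alert","src_ip":"10.0.5.23","src_port":51544,"dest_ip":"203.0.113.10","dest_port":443,"alert":{"signature":"ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)"}}
"""


def normalize_fingerprint(fp: str) -> str:
    """Suricata logs 'aa:bb:..', SSLBL lists 'aabb..'; compare on one form."""
    return fp.replace(":", "").strip().lower()


def load_sslbl(csv_text: str) -> dict:
    """Return {sha1_hex: listing_reason} from sslblacklist.csv-style text."""
    listed = {}
    for line in csv_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(",", 2)
        if len(parts) != 3:
            continue  # malformed row: skip it rather than guess
        _listing_date, sha1, reason = parts
        sha1 = normalize_fingerprint(sha1)
        if len(sha1) == 40:
            listed[sha1] = reason.strip()
    return listed


def cert_sha1(der_cert: bytes) -> str:
    """SHA-1 fingerprint of a DER-encoded certificate (the value SSLBL lists),
    for when the certificate was carved out of a pcap instead of read from EVE."""
    return hashlib.sha1(der_cert).hexdigest()


def _events(text: str):
    for line in text.splitlines():
        if line.strip():
            yield json.loads(line)


def match_tls_events(eve_text: str, listed: dict) -> list:
    """Return the TLS sessions whose server certificate is on the list."""
    hits = []
    for ev in _events(eve_text):
        if ev.get("event_type") != "tls":
            continue
        fp = normalize_fingerprint(ev.get("tls", {}).get("fingerprint", ""))
        if fp in listed:
            hits.append({"src_ip": ev["src_ip"], "dest_ip": ev["dest_ip"],
                         "sni": ev["tls"].get("sni"), "fingerprint": fp,
                         "reason": listed[fp]})
    return hits


def corroborated_alerts(eve_text: str, hits: list) -> list:
    """Pair each SSLBL alert with a TLS record of the listed certificate on the
    same client/server pair. An alert with no such record needs the pcap."""
    keyed = {(h["src_ip"], h["dest_ip"]) for h in hits}
    out = []
    for ev in _events(eve_text):
        sig = ev.get("alert", {}).get("signature", "")
        if ev.get("event_type") != "alert" or "ABUSE.CH SSL" not in sig:
            continue
        out.append({"signature": sig, "src_ip": ev["src_ip"],
                    "dest_ip": ev["dest_ip"],
                    "corroborated": (ev["src_ip"], ev["dest_ip"]) in keyed})
    return out


if __name__ == "__main__":
    listed = load_sslbl(SSLBL_CSV)
    hits = match_tls_events(EVE_LINES, listed)
    for h in hits:
        print(f"listed cert {h['fingerprint']} ({h['reason']}) "
              f"{h['src_ip']} -> {h['dest_ip']} sni={h['sni']}")
    for a in corroborated_alerts(EVE_LINES, hits):
        state = "corroborated" if a["corroborated"] else "NOT corroborated"
        print("alert", a["src_ip"], "->", a["dest_ip"], state)
```

The SNI and subject recorded alongside the fingerprint are what let you answer the false-positive question in the recommendation: a listed fingerprint on a session whose SNI is a well-known service deserves a second look before the host is rebuilt.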
ET MALWARE Agent.BAAB Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question together with the host's other network and endpoint activity. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE AgentTesla Communicating with CnC Server
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AgentTesla is a commodity .NET information stealer and keylogger that harvests saved browser, email and FTP client credentials; this signature matches its traffic to a command-and-control server.
Recommendation
Review the alert in question together with the host's other network and endpoint activity. If the host is confirmed compromised, rebuild it from a known, good source. Because the malware's purpose is credential theft, rotate every credential stored or typed on the host, not only the user's login password.
ET MALWARE AgentTesla PWS HTTP CnC Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AgentTesla is a commodity .NET information stealer and keylogger; this signature matches the HTTP form of its command-and-control check-in (PWS is short for password stealer).
Recommendation
Review the alert in question together with the host's other network and endpoint activity. If the host is confirmed compromised, rebuild it from a known, good source. Because the malware's purpose is credential theft, rotate every credential stored or typed on the host, not only the user's login password.
ET MALWARE AHK/BKDR_HTV.ZKGD-A CnC Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the command-and-control check-in of an AutoHotkey-scripted backdoor (Trend Micro detection name BKDR_HTV.ZKGD-A).
Recommendation
Review the alert in question together with the host's other network and endpoint activity; the AutoHotkey interpreter or its script files on a host that has no business running them is corroborating evidence. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the server side of the conversation: the command-and-control server returns its commands to the AutoHotkey backdoor disguised as an HTTP 500 error page. "Inbound" refers to that response, so the internal client that made the request is the host to investigate.
Recommendation
Review the alert in question together with the host's other network and endpoint activity. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE AHK.CREDSTEALER.A CnC Activity
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches an AutoHotkey-based credential stealer (Trend Micro detection name AHK.CREDSTEALER.A) communicating with its command-and-control server.
Recommendation
Review the alert in question together with the host's other network and endpoint activity. If the host is confirmed compromised, rebuild it from a known, good source and rotate every credential stored or typed on the host, not only the user's login password.
ET MALWARE AHK.CREDSTEALER.A CnC Exfil
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the AutoHotkey-based credential stealer AHK.CREDSTEALER.A sending harvested credentials to its command-and-control server; by the time the alert is reviewed the transfer has usually completed.
Recommendation
Review the alert in question together with the host's other network and endpoint activity. Treat the credentials on the host as exposed: rotate every credential stored or typed on it, not only the user's login password, and rebuild the host from a known, good source.
ET MALWARE AHK.CREDSTEALER.A MalDoc Retrieving Payload
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the delivery stage of AHK.CREDSTEALER.A: a malicious document, once opened, fetching the AutoHotkey payload from the web.
Recommendation
Identify the document and the user who opened it, check whether the download completed (a 2xx response with a body rather than an error or a blocked request), and search mail logs for other recipients of the same document. If the payload ran, rebuild the host from a known, good source and rotate every credential stored or typed on it.
ET MALWARE Alfa/Alpha Ransomware Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the command-and-control check-in of the Alfa (Alpha) ransomware.
Recommendation
Isolate the host from the network immediately to limit encryption of local and shared data, and check file shares the host could write to for encrypted files. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Alina Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Alina is point-of-sale (POS) malware that scrapes payment card data from the memory of POS processes; this signature matches its command-and-control check-in.
Recommendation
Review the alert in question together with the host's other network and endpoint activity. If the host handles payment cards, handle the alert under your PCI DSS incident response procedures and assume card data processed while it was infected was exposed. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE Alina Server Response Code
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Alina is point-of-sale (POS) malware that scrapes payment card data from memory; this signature matches the command-and-control server's response to an Alina check-in, which shows the server was live and answered rather than merely that the malware tried to reach it.
Recommendation
Review the alert in question together with the host's other network and endpoint activity. If the host handles payment cards, handle the alert under your PCI DSS incident response procedures and assume card data processed while it was infected was exposed. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE Alina User-Agent(Alina)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Alina is point-of-sale (POS) malware that scrapes payment card data from memory; this signature matches the User-Agent string Alina sends in its HTTP requests, which is quick to confirm by reviewing the captured request.
Recommendation
Review the alert in question together with the host's other network and endpoint activity. If the host handles payment cards, handle the alert under your PCI DSS incident response procedures and assume card data processed while it was infected was exposed. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE Alman Dropper Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the check-in of the Alman dropper; a dropper's job is to fetch and install further malware, so the check-in is usually followed by a download.
Recommendation
Review the alert in question together with the host's other network and endpoint activity, including anything the host downloaded after the check-in. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE AlphaCrypt CnC Beacon 3
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AlphaCrypt is a variant of the TeslaCrypt ransomware family; this signature matches one form of the command-and-control beacon that reports a new infection to the operators.
Recommendation
Isolate the host from the network immediately to limit encryption of local and shared data, and check file shares the host could write to for encrypted files. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt CnC Beacon 5
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AlphaCrypt is a variant of the TeslaCrypt ransomware family; this signature matches one form of the command-and-control beacon that reports a new infection to the operators.
Recommendation
Isolate the host from the network immediately to limit encryption of local and shared data, and check file shares the host could write to for encrypted files. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt CnC Beacon 6
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AlphaCrypt is a variant of the TeslaCrypt ransomware family; this signature matches one form of the command-and-control beacon that reports a new infection to the operators.
Recommendation
Isolate the host from the network immediately to limit encryption of local and shared data, and check file shares the host could write to for encrypted files. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt Connectivity Check 1
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the request the AlphaCrypt ransomware makes to confirm it has internet access before beaconing. On its own this is weaker evidence than a command-and-control beacon, so check the same host for the AlphaCrypt beacon signatures.
Recommendation
Review the alert in question together with the host's other network and endpoint activity. If ransomware activity is confirmed, isolate the host immediately, then rebuild it from a known, good source and have the user change their password.
ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the command-and-control beacon of the TeslaCrypt ransomware family and its AlphaCrypt variant. The family has been inactive since its operators released the master decryption key in 2016, so a match on current traffic deserves a check for an old sample or a false positive before the host is rebuilt.
Recommendation
Isolate the host from the network immediately to limit encryption of local and shared data, and check file shares the host could write to for encrypted files. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Alureon Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Alureon (also known as TDSS/TDL) is a rootkit family that infects the boot sector or system drivers to hide itself; this signature matches its command-and-control check-in.
Recommendation
Review the alert in question together with the host's other network and endpoint activity. Because the rootkit persists below the operating system, do not attempt in-place cleaning: rebuild the host from a known, good source, wiping the disk including the boot sector, and have the user change their password.
ET MALWARE Amadey CnC Check-In
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Amadey is a bot and loader sold on criminal forums that reports system information to its panel and fetches plugins and additional payloads; this signature matches its check-in.
Recommendation
Review the alert in question together with the host's other network and endpoint activity, including anything the host downloaded after the check-in. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE Amadey Stealer CnC
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Amadey is a bot and loader that fetches plugins and additional payloads; this signature matches its stealer component's command-and-control traffic.
Recommendation
Review the alert in question together with the host's other network and endpoint activity, including anything the host downloaded after the check-in. If the host is confirmed compromised, rebuild it from a known, good source and rotate every credential stored or typed on it, not only the user's login password.
ET MALWARE Amadey Stealer CnC - BotKiller Module Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Amadey is a bot and loader that fetches plugins and additional payloads; this signature matches the check-in of its "BotKiller" plugin, which removes competing malware from the host.
Recommendation
Review the alert in question together with the host's other network and endpoint activity, including anything the host downloaded after the check-in. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE Android/AhMyth RAT Init Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AhMyth is an open-source Android remote access trojan; this signature matches the initial check-in it sends to its controller.
Recommendation
The affected device is an Android handset rather than a workstation: identify it from the source address (Wi-Fi DHCP or MDM records), remove the app or factory-reset the device, revoke any sessions or tokens it held, and have the user change passwords entered on it.
ET MALWARE Android/AhMyth RAT WebSocket Session
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AhMyth is an open-source Android remote access trojan; this signature matches the WebSocket session it uses for command and control.
Recommendation
The affected device is an Android handset rather than a workstation: identify it from the source address (Wi-Fi DHCP or MDM records), remove the app or factory-reset the device, revoke any sessions or tokens it held, and have the user change passwords entered on it.
ET MALWARE Android/FakeKakao checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the check-in of an Android trojan that impersonates the KakaoTalk messenger.
Recommendation
The affected device is an Android handset rather than a workstation: identify it from the source address (Wi-Fi DHCP or MDM records), remove the app or factory-reset the device, revoke any sessions or tokens it held, and have the user change passwords entered on it.
ET MALWARE Andromeda Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Andromeda (also known as Gamarue) is a modular botnet and loader; this signature matches its command-and-control check-in.
Recommendation
Review the alert in question together with the host's other network and endpoint activity, including anything the host downloaded after the check-in. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE Andromeda Checkin Dec 29 2014
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Andromeda (also known as Gamarue) is a modular botnet and loader; this signature matches the check-in format of a variant first seen in December 2014.
Recommendation
Review the alert in question together with the host's other network and endpoint activity, including anything the host downloaded after the check-in. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE Andromeda Check-in Response
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Andromeda (also known as Gamarue) is a modular botnet and loader; this signature matches the command-and-control server's response to a check-in, which shows the server was live and answered rather than merely that the bot tried to reach it.
Recommendation
Review the alert in question together with the host's other network and endpoint activity, including anything the host downloaded after the check-in. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE Andromeda Downloading Module
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Andromeda (also known as Gamarue) is a modular botnet and loader; this signature matches the bot retrieving a plugin module from its command-and-control server.
Recommendation
Review the alert in question together with the host's other network and endpoint activity, and identify the module that was retrieved, since it determines what the bot can now do on the host. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE AntiVirus exe Download Likely FakeAV Install
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the download of an executable named like an antivirus product, the usual delivery of rogue "FakeAV" scareware installers.
Recommendation
Review the alert in question together with the host's other network and endpoint activity, and check whether the executable was run. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
ET MALWARE AntSword Webshell User-Agent Observed
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AntSword is an open-source webshell management client; its User-Agent in an HTTP request means an operator is driving a webshell on the web server that received the request.
Recommendation
The asset at risk is the web server that received the request, not the client. Identify the targeted URI, locate and remove the webshell file, and establish how it was placed (an upload flaw or a vulnerable application). If the request originates inside your network, identify who runs that client, since the tool is also used in authorised testing. Rebuild the server from a known, good source if tampering is confirmed and rotate any credentials the application could reach.
ET MALWARE AnubisNetworks Sinkhole HTTP Response - 195.22.26.192/26
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches an HTTP response from the sinkhole operated by AnubisNetworks in 195.22.26.192/26. A sinkhole is benign research infrastructure that answers for domains taken away from malware operators, so the response itself is harmless; what matters is that a host in your environment resolved and contacted a known-malicious domain, which indicates it is infected with the family that domain belonged to.
Recommendation
Because the signature matches the response, the alert's source is the sinkhole and its destination is the internal host to investigate. Use the Host header of the request to identify the sinkholed domain and, from that, the malware family, then review the host's other activity. If the host is confirmed compromised, rebuild it from a known, good source and have the user change their password.
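The direction matters for this rule: the signature matches the sinkhole's HTTP response, so the alert's source address is the sinkhole and its destination is the internal client that tried to reach the sinkholed domain. The Python below, an added example rather than Rapid7 code, pulls the internal client and the hostnames it requested out of Suricata-style EVE JSON (alert and http events) using the address block named in the signature; the events, addresses and hostnames are constructed for the example.

```python
import ipaddress
import json

# Address block from the signature name; the sinkhole lives here, the
# infected client does not.
SINKHOLE_NET = ipaddress.ip_network("195.22.26.192/26")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed EVE JSON in Suricata's layout; the hostnames are placeholders.
EVE_LINES = """\
{"timestamp":"2024-03-05T09:00:00.000000+0000","event_type":"http","src_ip":"10.0.5.23","src_port":49210,"dest_ip":"195.22.26.200","dest_port":80,"http":{"hostname":"sinkholed-c2-a.invalid","url":"/gate.php","http_user_agent":"Mozilla/4.0","status":200}}
{"timestamp":"2024-03-05T09:00:05.000000+0000","event_type":"alert","src_ip":"195.22.26.200","src_port":80,"dest_ip":"10.0.5.23","dest_port":49210,"alert":{"signature":"ET MALWARE AnubisNetworks Sinkhole HTTP Response - 195.22.26.192/26","category":"A Network Trojan was detected"}}
{"timestamp":"2024-03-05T09:01:00.000000+0000","event_type":"http","src_ip":"10.0.5.23","src_port":49211,"dest_ip":"195.22.26.200","dest_port":80,"http":{"hostname":"sinkholed-c2-b.invalid","url":"/gate.php","status":200}}
{"timestamp":"2024-03-05T09:02:00.000000+0000","event_type":"http","src_ip":"10.0.5.40","src_port":50001,"dest_ip":"195.22.26.201","dest_port":80,"http":{"hostname":"sinkholed-c2-a.invalid","url":"/in.php","status":200}}
{"timestamp":"2024-03-05T09:03:00.000000+0000","event_type":"http","src_ip":"10.0.5.41","src_port":50002,"dest_ip":"203.0.113.5","dest_port":80,"http":{"hostname":"www.example.net","url":"/","status":200}}
"""


def events(text: str):
    for line in text.splitlines():
        if line.strip():
            yield json.loads(line)


def in_sinkhole(ip: str) -> bool:
    return ipaddress.ip_address(ip) in SINKHOLE_NET


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def infected_host_from_alert(alert: dict) -> str:
    """For a 'Sinkhole HTTP Response' alert the sinkhole is the source;
    return the other side of the flow, which is the host to investigate."""
    if in_sinkhole(alert["src_ip"]):
        return alert["dest_ip"]
    if in_sinkhole(alert["dest_ip"]):
        return alert["src_ip"]
    raise ValueError("neither side of the alert is in the sinkhole range")


def sinkhole_contacts(text: str) -> dict:
    """Group HTTP requests that reached the sinkhole by client address and keep
    the Host headers asked for: those name the sinkholed C2 domains."""
    contacts = {}
    for ev in events(text):
        if ev.get("event_type") != "http" or not in_sinkhole(ev["dest_ip"]):
            continue
        entry = contacts.setdefault(ev["src_ip"], {
            "internal": is_internal(ev["src_ip"]),
            "first_seen": ev["timestamp"],
            "requests": 0,
            "hostnames": set(),
        })
        entry["requests"] += 1
        entry["hostnames"].add(ev["http"].get("hostname", ""))
    return contacts


def triage(text: str) -> dict:
    """Hosts named by sinkhole alerts, each with what the HTTP log shows them
    asking for. A host with alerts but no http record needs the pcap."""
    contacts = sinkhole_contacts(text)
    result = {}
    for ev in events(text):
        sig = ev.get("alert", {}).get("signature", "")
        if ev.get("event_type") != "alert" or "Sinkhole HTTP Response" not in sig:
            continue
        host = infected_host_from_alert(ev)
        result[host] = contacts.get(host, {"requests": 0, "hostnames": set()})
    return result


if __name__ == "__main__":
    for host, info in triage(EVE_LINES).items():
        print("alerted host", host, info["requests"], sorted(info["hostnames"]))
    # Clients that reached the sinkhole without an alert (other sinkhole
    # rules may have fired, or none) are still worth a look.
    for host, info in sinkhole_contacts(EVE_LINES).items():
        print("contact", host, "internal" if info["internal"] else "external",
              sorted(info["hostnames"]))
```

The second loop is the reason to keep the http events and not only the alerts: here 10.0.5.40 reached the sinkhole too, but only 10.0.5.23 produced an alert, so a hunt scoped to alerts alone would miss it.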
ET MALWARE Anuna PHP Backdoor Attempt
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches an inbound HTTP request attempting to drive the Anuna PHP backdoor on a web server; the server receiving the request, not the client, is the asset at risk.
Recommendation
Identify the targeted web server and URI and check the web root for the backdoor file and for how it was placed (an upload flaw or a vulnerable application). Pair this alert with the "Successful Exploit" signature for the same flow to tell an attempt from a working backdoor. Rebuild the server from a known, good source if tampering is confirmed and rotate any credentials the application could reach.
ET MALWARE Anuna PHP Backdoor Sucessful Exploit
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the server's response to a request to the Anuna PHP backdoor, indicating the backdoor is present and executed the request; the web server is the compromised asset.
Recommendation
Treat the web server as compromised: identify the URI, locate and remove the backdoor file, establish how it was placed, and review the server's other outbound activity and any data the attacker could reach through it. Rebuild the server from a known, good source and rotate any credentials the application could reach.
ET MALWARE ApolloLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the command-and-control check-in of the ApolloLocker ransomware.
Recommendation
Isolate the host from the network immediately to limit encryption of local and shared data, and check file shares the host could write to for encrypted files. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ApolloLocker Ransomware CnC Checkin 2
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches a second form of the ApolloLocker ransomware's command-and-control check-in.
Recommendation
Isolate the host from the network immediately to limit encryption of local and shared data, and check file shares the host could write to for encrypted files. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE AppleJeus - JMT Trading CnC Activity (OSX Variant)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AppleJeus is the name given to trojanized cryptocurrency trading and wallet applications distributed by the Lazarus Group (North Korea); this signature matches the command-and-control traffic of the macOS build of the "JMT Trading" variant.
Recommendation
Treat a confirmed match as a targeted intrusion: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Assume any cryptocurrency wallets or exchange credentials on the host are compromised and move funds or rotate keys from a clean device. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - JMT Trading CnC Activity (Windows Variant)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AppleJeus is the name given to trojanized cryptocurrency trading and wallet applications distributed by the Lazarus Group (North Korea); this signature matches the command-and-control traffic of the Windows build of the "JMT Trading" variant.
Recommendation
Treat a confirmed match as a targeted intrusion: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Assume any cryptocurrency wallets or exchange credentials on the host are compromised and move funds or rotate keys from a clean device. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - Kupay Wallet CnC Activity
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AppleJeus is the name given to trojanized cryptocurrency trading and wallet applications distributed by the Lazarus Group (North Korea); this signature matches the command-and-control traffic of the "Kupay Wallet" variant.
Recommendation
Treat a confirmed match as a targeted intrusion: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Assume any cryptocurrency wallets or exchange credentials on the host are compromised and move funds or rotate keys from a clean device. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - Union Crypto CnC Activity
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). AppleJeus is the name given to trojanized cryptocurrency trading and wallet applications distributed by the Lazarus Group (North Korea); this signature matches the command-and-control traffic of the "Union Crypto Trader" variant.
Recommendation
Treat a confirmed match as a targeted intrusion: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Assume any cryptocurrency wallets or exchange credentials on the host are compromised and move funds or rotate keys from a clean device. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT15/NICKEL KETRUM CnC Activity (POST)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the HTTP POST command-and-control traffic of Ketrum, a backdoor attributed to APT15 (also tracked as NICKEL and Ke3chang).
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 SEDNIT Variant CnC Beacon 1
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). SEDNIT (also tracked as Sofacy or X-Agent) is a backdoor family used by APT28 (Fancy Bear); this signature matches one variant's command-and-control beacon.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 2
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). SEDNIT (also tracked as Sofacy or X-Agent) is a backdoor family used by APT28 (Fancy Bear); this signature matches a second variant's command-and-control beacon.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 3
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). SEDNIT (also tracked as Sofacy or X-Agent) is a backdoor family used by APT28 (Fancy Bear); this signature matches a third variant's command-and-control beacon.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 4
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). SEDNIT (also tracked as Sofacy or X-Agent) is a backdoor family used by APT28 (Fancy Bear); this signature matches a fourth variant's command-and-control beacon.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28/SkinnyBoy Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). SkinnyBoy is a lightweight implant attributed to APT28 and first reported in 2021; this signature matches its command-and-control check-in.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/SkinnyBoy Payload Request
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). SkinnyBoy is a lightweight implant attributed to APT28 and first reported in 2021; this signature matches its request for the next-stage payload, so check whether the download completed.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Zebrocy (also tracked as Zekapab) is a downloader family used by APT28/Sofacy that has been rewritten in several languages; this signature matches the Go port's initial check-in.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant CnC Activity
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Zebrocy (also tracked as Zekapab) is a downloader family used by APT28/Sofacy that has been rewritten in several languages; this signature matches the Go port's ongoing command-and-control activity.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant Downloader Error POST
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Zebrocy (also tracked as Zekapab) is a downloader family used by APT28/Sofacy; this signature matches the POST the Go port sends to report a failed download to its command-and-control server. The error report still confirms a live implant on the host.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Secondary Payload CnC Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Zebrocy (also tracked as Zekapab) is a downloader family used by APT28/Sofacy; this signature matches the check-in of the second-stage payload it delivers, meaning the downloader has already succeeded on the host.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 Uploader Variant CnC Beacon
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the command-and-control beacon of an APT28 "uploader" implant variant.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 Uploader Variant Fake Request to Google
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches a request from the APT28 "uploader" implant variant that is dressed up to look like a request to Google. When reviewing it, verify the actual destination address rather than trusting the Host header or URL.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 Zebrocy/Zekapab Reporting to CnC M3
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Zebrocy (also tracked as Zekapab) is a downloader family used by APT28; this signature matches the third detected method (M3) by which it reports to its command-and-control server.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Cache_DLL SSL Cert
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches a TLS certificate associated with the "Cache_DLL" infrastructure of APT29 (Cozy Bear). The match is on the server certificate, so confirm the fingerprint in the sensor's TLS metadata for the flagged session.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Implant8 - Evil Twitter Callback
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the callback of an APT29 (Cozy Bear) implant that uses Twitter as its rendezvous channel. The destination is a legitimate service, so the anomaly is in the request itself and blocking the destination is not a remedy; the host must be examined.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts showing the same request pattern, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Implant8 - MAL_REFERER
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the distinctive Referer header used by the same APT29 (Cozy Bear) implant.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts showing the same request pattern, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29/Wellness CnC Host Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the host check-in of an APT29 (Cozy Bear) implant tracked under the "Wellness" name.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif CnC Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Ratsnif is a network-attack tool used by APT32 (OceanLotus) for packet sniffing and traffic manipulation on the victim's local network; this signature matches its command-and-control check-in.
Recommendation
Treat a confirmed match as a targeted intrusion: preserve evidence from the host before it is rebuilt, engage incident response, and check the host's network segment for ARP or DNS tampering, since the tool is built to interfere with neighbouring hosts' traffic. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif POSTing Log Message to CnC
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Ratsnif is a network-attack tool used by APT32 (OceanLotus) for packet sniffing and traffic manipulation on the victim's local network; this signature matches it posting a log message to its command-and-control server.
Recommendation
Treat a confirmed match as a targeted intrusion: preserve evidence from the host before it is rebuilt, engage incident response, and check the host's network segment for ARP or DNS tampering, since the tool is built to interfere with neighbouring hosts' traffic. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif Requesting Command from CnC
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Ratsnif is a network-attack tool used by APT32 (OceanLotus) for packet sniffing and traffic manipulation on the victim's local network; this signature matches it polling its command-and-control server for a command.
Recommendation
Treat a confirmed match as a targeted intrusion: preserve evidence from the host before it is rebuilt, engage incident response, and check the host's network segment for ARP or DNS tampering, since the tool is built to interfere with neighbouring hosts' traffic. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif Submitting Output of Command to CnC
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). Ratsnif is a network-attack tool used by APT32 (OceanLotus) for packet sniffing and traffic manipulation on the victim's local network; this signature matches it submitting the output of a command to its command-and-control server, which shows the operator is actively using the host.
Recommendation
Treat a confirmed match as a targeted intrusion: preserve evidence from the host before it is rebuilt, engage incident response, and check the host's network segment for ARP or DNS tampering, since the tool is built to interfere with neighbouring hosts' traffic. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten Encrypted Payload Inbound
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches a server response delivering an encrypted payload to a host running the APT33/Charming Kitten JS/HTA first stage. "Inbound" refers to that response, so the internal client that requested it is the host to investigate.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the first-stage check-in of an APT33/Charming Kitten JavaScript or HTA script, the stage that typically follows a phishing document or link.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: identify the document or link that delivered the script and who else received it, preserve evidence from the host before it is rebuilt, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten Retrieving New Payload (flowbit set)
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches an APT33/Charming Kitten implant retrieving a new payload. Signatures marked "flowbit set" are helper rules: they tag the flow so that a companion signature can alert on the follow-on traffic and usually do not fire on their own.
Recommendation
Look for the companion alert on the same flow before escalating. Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT34 TONEDEAF 2.0 Requesting Commands from CnC
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). TONEDEAF 2.0 is a backdoor attributed to APT34 (OilRig); this signature matches it polling its command-and-control server for commands.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT34 TONEDEAF 2.0 Uploading to CnC
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). TONEDEAF 2.0 is a backdoor attributed to APT34 (OilRig); this signature matches it uploading data to its command-and-control server, so assess what the host held that may have left.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT39/Chafer Payload - CnC Checkin M1
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the command-and-control check-in of a payload attributed to APT39 (Chafer), an Iranian group; M1 denotes the first of two match methods for the same traffic.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT39/Chafer Payload - CnC Checkin M2
Description
This detection identifies malware-related activity using the Rapid7 Network Sensor (Insight Network Sensor). This signature matches the command-and-control check-in of a payload attributed to APT39 (Chafer), an Iranian group; M2 denotes the second of two match methods for the same traffic.
Recommendation
Treat a confirmed match as a targeted intrusion rather than commodity malware: preserve evidence from the host before it is rebuilt, scope the environment for other hosts contacting the same infrastructure, and engage incident response. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT.Agtid callback
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Backspace CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT/Bitter Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT-C-23 Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT-C-23 Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Cheshire Cat CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT/Donot Group Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/FamousSparrow Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT.Fwits CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT.Fwits CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT Hellsing Proxy Checker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Lazarus Nukesped Downloader
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Lurker POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT Mustang Panda Payload - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT_NGO_wuaclt
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT_NGO_wuaclt C2 Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Operation Sidecopy lnk Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT OSX.XSLCmd CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT/TransparentTribe CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/TransparentTribe Style Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arbitrium-RAT CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arbitrium-RAT Observed User-Agent (JustKidding)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArcDoor Intial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArcDoor User-Agent (ALIZER)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ares Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Advtravel Campaign GET Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checking filename
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Exfiltrating files
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT File information
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (SK)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (Skype)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (Skypee)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Transmitting Date
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Transmitting Serial
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AridViper CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arkei Stealer Config Download Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arkei Stealer IP Lookup
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ARM Binary Requested via WGET to Known IoT Malware Domain
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArrobarLoader CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArtraDownloader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArtraDownloader/TeleRAT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ASNAROK Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asprox Data Post to C&C
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asprox Form Submission to C&C
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asterope Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AstroBot CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Athena DDoS Bot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Atya Dropper Possible Rootkit - HTTP GET
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aura Ransomware User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Aurora/OneKeyLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Aurora Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE AutoHotkey Downloader Checkin via IPLogger
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AutoHotKey offthewall Downloader Requesting Payload
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo C2 Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo C2 Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Avzhan DDoS Bot User-Agent MyIE
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult Variant.4 Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Babar POST Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Babax Stealer Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BabyShark CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BACKCONFIG CnC Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Darpapox/Jaku Initial C2 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Egobot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Elise CnC Beacon 1 M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 2 M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 3 M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 3 M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise Style IP Check
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Elise Style IP Check M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Esion CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Graybird Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Irc.MFV User Agent Detected (IRC-U)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor Lanfiltrator Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Meciv Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.TurlaCarbon.A C2 HTTP Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Agent.bjjv Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Agent.myttae User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Aldibot.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Aldibot.A User-Agent (Aldi Bot)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Etumbot.B Requesting RC4 Key
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Ixeshe
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Likseput.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Momibot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Momibot Ping Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/PcClient.AA Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.PEx.942728546 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Pushdo.s Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.RShot HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Get Config Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Put
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Trup.CX Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Xtrat Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backoff POS Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BackSwap Trojan C2 Domain Observed (debasuin .nl in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BadPatch CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BadRabbit Ransomware Activity Via WebDAV (cscc)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BadRabbit Ransomware Activity Via WebDAV (infpub)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Baldr Stealer Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BalkanDoor CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BalkanDoor CnC Checkin - Server Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Headers - Likely CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bancos/Banker Info Stealer Post
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BandarChor/CryptON Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BandarChor Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Banker.anv Generally Suspicious User-Agent (CustomExchangeBrowser)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker/Banbra Variant POST via x-www-form-urlencoded
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (hhh)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (Ms)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (Mz)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (MzApp)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (WINDOWS_LOADS)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker PWS/Infostealer HTTP GET Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker Trojan (General) HTTP Checkin (vit)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banking Trojan HTTP Cookie
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload HTTP Checkin Detected (envia.php)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload POST Checkin (dados)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload User-Agent Detected (ExampleDL)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaBackdoor Variant CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaLoader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaLoader CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bazaloader Variant Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BBSRAT GET request CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BBSRAT POST request CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bebloh connectivity check
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep Connectivity Check M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep Connectivity Check M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep HTTP POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BePush/Kilim CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BePush/Kilim payload retrieval
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BestAntivirus2011 Fake AV reporting
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Betabot Checkin 5
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BF Botnet CnC Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Bifrose/Cycbot Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Bifrose/Cycbot Checkin 2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BigLock Ransomware CnC Activity (id)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Because this signature is associated with ransomware, isolate the host from the network first to limit encryption of reachable file shares. Then review the alert: identify the internal host and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BIOPASS RAT Go Activity (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BIOPASS RAT Python Activity (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Bitcoin variant Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Bitter APT Activity (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BITTERBUG Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Bitter RAT HTTP CnC Beacon
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password. Because this signature is mapped to exfiltration over the C2 channel, also determine what data the host could have sent to that destination.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bitter RAT HTTP CnC Beacon M2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password. Because this signature is mapped to exfiltration over the C2 channel, also determine what data the host could have sent to that destination.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving New Malware From Server
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving Server IP Addresses
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Server Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BKDR_SLOTH.A Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Blackbeard Check-in
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Blackenergy Bot Checkin to C&C
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Blackenergy Bot Checkin to C&C (2)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BlackEnergy POST Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BlackEnergy v2 POST Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BlackEnergy v2.x HTTP Request with Encrypted Variables
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BlackEnergy v2.x Plugin Download Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BlackMatter CnC Activity
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Blackmoon/Banbra Configuration Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Blackmoon/Banbra Configuration Request M2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BlackshadesRAT Reporting
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BlackTech Plead Encrypted Payload Inbound
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M1
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Blaze/Supreme Bot Activity
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Blaze/Supreme Bot Activity M2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BleachGap Ransomware Checkin (POST)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Because this signature is associated with ransomware, isolate the host from the network first to limit encryption of reachable file shares. Then review the alert: identify the internal host and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Blue Bot DDoS Blog Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Blue Bot DDoS Logger Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Blue Bot DDoS Proxy Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Blue Bot DDoS Target Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Bolek HTTP Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Book of Eli CnC Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Bookworm CnC Beacon
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password. Because this signature is mapped to exfiltration over the C2 channel, also determine what data the host could have sent to that destination.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bookworm CnC Beacon 2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password. Because this signature is mapped to exfiltration over the C2 channel, also determine what data the host could have sent to that destination.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
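The Bitter RAT and Bookworm "CnC Beacon" signatures above each fire on a single HTTP request. What turns one hit into a confirmed beacon is the pattern across hits: the same host reaching the same destination at near-constant intervals, and other hosts reaching that destination. The following is an added example of that triage step, not code from the Rapid7 page or product. It assumes the sensor's alerts can be exported as JSON lines with Suricata EVE-style field names (timestamp, src_ip, dest_ip, alert.signature); the records embedded below are constructed for illustration and use documentation-range addresses.

```python
"""Beacon triage over exported IDS alerts (added example; assumes EVE-style JSON)."""
import json
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample records, not real sensor output. 10.0.0.5 alerts every
# ~300 s to one destination; 10.0.0.9 hit the same destination once; 10.0.0.7
# has too few hits to judge. One non-alert record shows the filter.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-15T08:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","alert":{"signature":"ET MALWARE Bookworm CnC Beacon"}}',
    '{"timestamp":"2024-01-15T08:01:00.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"198.51.100.7","alert":{"signature":"ET MALWARE Bitter RAT HTTP CnC Beacon"}}',
    '{"timestamp":"2024-01-15T08:01:30.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10"}',
    '{"timestamp":"2024-01-15T08:02:00.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"198.51.100.7","alert":{"signature":"ET MALWARE Bitter RAT HTTP CnC Beacon"}}',
    '{"timestamp":"2024-01-15T08:05:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","alert":{"signature":"ET MALWARE Bookworm CnC Beacon"}}',
    '{"timestamp":"2024-01-15T08:07:30.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"203.0.113.10","alert":{"signature":"ET MALWARE Bookworm CnC Beacon"}}',
    '{"timestamp":"2024-01-15T08:09:59.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","alert":{"signature":"ET MALWARE Bookworm CnC Beacon"}}',
    '{"timestamp":"2024-01-15T08:15:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","alert":{"signature":"ET MALWARE Bookworm CnC Beacon"}}',
    '{"timestamp":"2024-01-15T08:20:02.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","alert":{"signature":"ET MALWARE Bookworm CnC Beacon"}}',
]


def parse_alerts(lines):
    """Parse EVE-style JSON lines, keeping only alert events, with timestamps as datetimes."""
    alerts = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        alerts.append({
            "ts": datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z"),
            "src": rec["src_ip"],
            "dst": rec["dest_ip"],
            "sig": rec["alert"]["signature"],
        })
    return alerts


def beacon_profiles(alerts, min_count=4, max_cv=0.1):
    """Per (src, dst, signature): hit count, mean inter-alert interval and its
    coefficient of variation. Several hits with low variation is the periodic
    pattern that distinguishes a beacon from a one-off request."""
    by_key = defaultdict(list)
    for a in alerts:
        by_key[(a["src"], a["dst"], a["sig"])].append(a["ts"])
    profiles = {}
    for key, stamps in by_key.items():
        stamps.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps) if gaps else 0.0
        cv = statistics.pstdev(gaps) / mean if len(gaps) > 1 and mean > 0 else None
        profiles[key] = {
            "count": len(stamps),
            "mean_interval": mean,
            "cv": cv,
            "periodic": len(stamps) >= min_count and cv is not None and cv <= max_cv,
        }
    return profiles


def shared_destinations(alerts):
    """dest_ip -> sorted list of source hosts that alerted to it. More than one
    source means the same C2 is already in use elsewhere on the network."""
    dests = defaultdict(set)
    for a in alerts:
        dests[a["dst"]].add(a["src"])
    return {d: sorted(s) for d, s in dests.items()}


def triage(lines):
    alerts = parse_alerts(lines)
    return {"beacons": beacon_profiles(alerts), "shared": shared_destinations(alerts)}


if __name__ == "__main__":
    result = triage(SAMPLE_EVE_LINES)
    for (src, dst, sig), p in result["beacons"].items():
        flag = "PERIODIC" if p["periodic"] else "-"
        print(f"{flag:8} {src} -> {dst}  {sig}  n={p['count']} mean={p['mean_interval']:.0f}s")
    for dst, srcs in result["shared"].items():
        if len(srcs) > 1:
            print(f"shared destination {dst}: {', '.join(srcs)}")
```

The thresholds (at least four hits, interval variation under 10 percent) are starting points, not sensor defaults; jittered beacons need a looser bound, and a single hit from a second host to the same destination is worth a look regardless of periodicity.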
ET MALWARE Bossabot DDoS tool RFI attempt
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Bot Backdoor Checkin/registration Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BOUNCEBEAM Backdoor CnC Activity
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password. Because this signature is mapped to exfiltration over the C2 channel, also determine what data the host could have sent to that destination.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bravix Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Brazilian Banker SSL Cert
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Bredolab CnC URL Detected
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Bredolab Downloader Communicating With Controller (1)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BroBot POST
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Brontok/Joseray User-Agent Detected (Joseray.A3 Browser)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Brontok User-Agent Detected (Brontok.A3 Browser)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Brontok User-Agent Detected (Rivest)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BrushaLoader CnC Domain in SNI
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Buer - DomainInfo User-Agent
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Buer Loader Download Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Buer Loader Successful Payload Download
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Buer Loader Update Request
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BUILDINGCAN CnC Activity
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Buran Ransomware Activity M1
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Because this signature is associated with ransomware, isolate the host from the network first to limit encryption of reachable file shares. Then review the alert: identify the internal host and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Buran Ransomware Activity M2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Because this signature is associated with ransomware, isolate the host from the network first to limit encryption of reachable file shares. Then review the alert: identify the internal host and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BYOB - Python Backdoor Loader Download
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE BYOB - Python Backdoor Stager Download
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE C3Pool CoinMiner Setup Script Download
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password. Because this signature is mapped to resource hijacking, also check the host for the downloaded setup script and for any miner process or service it installed.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Campo Loader Activity (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Capfire4 Checkin (register machine)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE carberp check in
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Carberp checkin task
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Carberp CnC request POST /set/task.html
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Carberp file download
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Casbaneiro CnC Host Checkin M2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Cashout Proxy Bot reg_DST
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Cayosin Botnet User-Agent Observed M1
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Cayosin Botnet User-Agent Observed M2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE CBeplay Downloading Design
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE CBReplay Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE CBReplay.P Ransomware
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Because this signature is associated with ransomware, isolate the host from the network first to limit encryption of reachable file shares. Then review the alert: identify the internal host and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CenterPOS CnC
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE CenterPOS Delete Plugins
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE CenterPOS Load Plugins
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE CerberTear Ransomware CnC Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Because this signature is associated with ransomware, isolate the host from the network first to limit encryption of reachable file shares. Then review the alert: identify the internal host and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ChaChi RAT Client CnC (POST)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE ChaChi RAT Server Response
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Chafer Win32/TREKX Uploading to CnC
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Chafer Win32/TREKX Uploading to CnC (Modified CAB)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE ChaseBot CnC Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (command)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (file)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (hello)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain and keep access to victim organizations.
Recommendation
Review the alert: identify the internal host that triggered it and the external destination it communicated with, and check whether other hosts have contacted the same destination. If the host is confirmed compromised, rebuild it from a known-good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (result)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic CnC Beacon 5
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Chthonic CnC Beacon 6
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Citadel Activity POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Citadel Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cknife Shell Command Struct Inbound (aspx)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cknife Shell Command Struct Inbound (PHP)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Click Fraud Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ClipBanker Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Clipsa Stealer - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Clipsa Stealer - Coinminer Download
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Clipsa Stealer - Exfiltration Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CloudAtlas APT Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cloud Atlas CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CNRarypt Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cobalt Strike Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt STrike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Beacon Activity (UNC2447)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (UNC2447)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Amazon Profile) M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Bing Profile)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Custom Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Observed
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Observed (MASB UA)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike C2 Profile (news_indexedimages)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 (Adobe RTMP)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (JPEG)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (PNG)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (RIFF)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 (Custom)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Custom)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Custom Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Havex APT)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M3
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M5
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (jquery Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Magnitude EK)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Meterpreter)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Microsoft Update GET)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (MSDN Query Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 OCSP Profile
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (OneDrive)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (bg)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (btn_bg)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (extension.css)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (__session__id Cookie)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M1
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M2
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile wordpress_ Cookie Test
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (QiHoo Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) GET
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) POST
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (TrevorForget Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Webbug Profile
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cohhoc RAT CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoinVault CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CoinVault CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CoinVault POST M2
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CollectorStealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Comfoo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Comfoo Outbound Communication
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CommentCrew downloader without user-agent string exe download without User Agent
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CommentCrew Possible APT backdoor download logo.png
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Access Count Tracking URL
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Count Tracking URL
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Count Tracking URL (partner)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (farfly checkin)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (pid - mac)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (wmid - ucid)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Trojan HTTP GET Logging
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre Header Structure 2
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre Header Structure 3
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre URI/Headers Struct
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Zbot EXE filename Dec 09 2013
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE COMRAT CnC
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ConstructorWin32/Agent.V
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE contacy.info Trojan Checkin (User agent clk_jdfhid)
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cookies/Cookiebag Checkin
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Module Download
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Module Download 2
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Requesting Module
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoreDn CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoreDn CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Covenant Framework HTTP Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyCar CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyCar V2 CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyDuke APT HTTP GET CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyDuke APT HTTP POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Criptobit/Mobef Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CROSSWALK CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M5
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cryptojoker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cryptolocker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoLocker EXE Download
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoLuck / YafunnLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CryptoPatronum Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CryptoShield Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cryptowall 2.0 DL URI Struct Oct 2 2014
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall Check-in M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall CryptoWall 3.0 Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Curso Banker Downloading Modules
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CyberGate RAT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CyberGate RAT User-Agent (USER_CHECK)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cyborg Ransomware - Downloading Desktop Background
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cycbot POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE D1onis Stealer Sending Data to CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Initial Macro Execution
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Payload Execution
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Payload Extraction
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Daemonize.ft HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dalexis CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dalexis Downloading EXE
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot Associated Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot UA Observed
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkGate CNC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkGate CnC Requesting Data Exfiltration from Bot
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (globalnetworkissues .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (kubecloud .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (lcomputers .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (seobundlekit .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (solartrackingsystem .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (webcodez .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (globalnetworkissues .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (kubecloud .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (lcomputers .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (seobundlekit .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (solartrackingsystem .net)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (webcodez .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkHotel Downloader CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Downloader CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Initial Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Payload Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Darkness DDoS Bot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Databack CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DATA-BROKER BOT Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Datoploader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Datoploader Activity M2 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRAT Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M11
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M12
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M13
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat Initial CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ddex Loader Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet CnC Job Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet CnC Slave POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet Miner Download
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin via HTTP
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DeathStalker/Janicab CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DeathStalker/Powersing CnC Checkin
Description
This detection identifies command-and-control (C2) check-in traffic from Powersing, a PowerShell-based implant used by the DeathStalker hack-for-hire group, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Powersing obtains its C2 address from ‘dead drop resolver’ posts on public web services rather than embedding it in the implant, then checks in periodically to upload screenshots and receive PowerShell scripts to execute.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DecebalPOS User-Agent
Description
This detection identifies the HTTP User-Agent string used by DecebalPOS, as observed by the Rapid7 Network Sensor (Insight Network Sensor). DecebalPOS is point-of-sale malware written in VBScript that scrapes payment-card data from the memory of POS processes and exfiltrates it over HTTP.
Recommendation
Review the alert in question. If the host is a point-of-sale system, isolate it from the payment network, rebuild it from a known, good source, and follow your payment-card incident response process, as card data may already have been exfiltrated.
ET MALWARE DecryptmyFiles Ransomware CnC (POST)
Description
This detection identifies HTTP POST traffic to the command-and-control server of the DecryptmyFiles ransomware family, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Ransomware typically contacts its server to register the victim and exchange key material before or while encrypting files, so this traffic indicates an active infection rather than a blocked download.
Recommendation
Review the alert in question and isolate the host immediately, since C2 contact usually precedes or accompanies encryption. Rebuild the host from a known, good source, restore data from backups validated as clean, and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE DEEP PANDA Checkin 1
Description
This detection identifies check-in traffic from an implant associated with DEEP PANDA, as observed by the Rapid7 Network Sensor (Insight Network Sensor). DEEP PANDA is a China-based espionage group, also tracked as Shell Crew and APT19, that targets government, defence, financial, and telecommunications organizations; its implants check in over HTTP to retrieve tasking.
Recommendation
Review the alert in question. Because DEEP PANDA activity indicates a targeted intrusion rather than commodity malware, scope for lateral movement and additional compromised hosts before remediating, then rebuild affected hosts from a known, good source and reset the credentials used on them.
ET MALWARE DEEP PANDA Checkin 2
Description
This detection identifies a second check-in pattern used by implants associated with DEEP PANDA, as observed by the Rapid7 Network Sensor (Insight Network Sensor). DEEP PANDA is a China-based espionage group, also tracked as Shell Crew and APT19, whose implants check in over HTTP to retrieve tasking.
Recommendation
Review the alert in question. Because DEEP PANDA activity indicates a targeted intrusion rather than commodity malware, scope for lateral movement and additional compromised hosts before remediating, then rebuild affected hosts from a known, good source and reset the credentials used on them.
ET MALWARE DEEP PANDA Checkin 3
Description
This detection identifies a third check-in pattern used by implants associated with DEEP PANDA, as observed by the Rapid7 Network Sensor (Insight Network Sensor). DEEP PANDA is a China-based espionage group, also tracked as Shell Crew and APT19, whose implants check in over HTTP to retrieve tasking.
Recommendation
Review the alert in question. Because DEEP PANDA activity indicates a targeted intrusion rather than commodity malware, scope for lateral movement and additional compromised hosts before remediating, then rebuild affected hosts from a known, good source and reset the credentials used on them.
ET MALWARE Delf Checkin via HTTP (5)
Description
This detection identifies HTTP check-in traffic from a Delf trojan, as observed by the Rapid7 Network Sensor (Insight Network Sensor). ‘Delf’ is a generic detection name for trojans compiled with Delphi and covers a wide range of downloaders, backdoors, and credential stealers, so the payload and C2 destination determine the actual threat.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Delphi Trojan Downloader User-Agent (JEDI-VCL)
Description
This detection identifies HTTP traffic carrying the default User-Agent string of the JEDI-VCL Delphi component library, as observed by the Rapid7 Network Sensor (Insight Network Sensor). This User-Agent is uncommon in normal traffic and has been sent by Delphi-built trojan downloaders when fetching additional payloads.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer-715 Install Checkin
Description
This detection identifies the installation check-in of the Dialer-715 dialer trojan, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Dialer trojans reconfigure a modem or dial-up connection to call premium-rate numbers at the victim’s expense; on a modern host without a modem the check-in is mainly an indicator that unwanted software has been installed.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer.MC(vf) HTTP Request - Checkin
Description
This detection identifies an HTTP check-in request from the Dialer.MC(vf) dialer trojan, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Dialer trojans reconfigure a modem or dial-up connection to call premium-rate numbers at the victim’s expense; on a host without a modem the check-in mainly indicates that unwanted software has been installed.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer.Trojan Activity
Description
This detection identifies network activity from the Dialer.Trojan family, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Dialer trojans reconfigure a modem or dial-up connection to call premium-rate numbers at the victim’s expense; on a host without a modem the activity mainly indicates that unwanted software has been installed.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DiamondFox HTTP Post CnC Checkin M3
Description
This detection identifies an HTTP POST check-in from DiamondFox (also known as Gorynych), as observed by the Rapid7 Network Sensor (Insight Network Sensor). DiamondFox is a modular botnet sold in underground forums whose plugins include credential and cryptocurrency-wallet theft, keylogging, point-of-sale memory scraping, and DDoS; the bot posts host information to its C2 panel and receives tasking in the response.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol CnC Checkin
Description
This detection identifies Diavol ransomware checking in with its command-and-control (C2) server, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; after registering a victim it retrieves its operating configuration from the C2 server over HTTP (such as the public key for its encryption routine, the file extensions to target and to ignore, priority paths, and services to stop) before encrypting files.
Recommendation
Review the alert in question and isolate the host immediately, since these requests occur before or during file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
ET MALWARE Diavol Communicating with CnC - Ext Request
Description
This detection identifies Diavol ransomware requesting the list of file extensions to target from its command-and-control (C2) server, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; after registering a victim it retrieves its operating configuration from the C2 server over HTTP before encrypting files, so this request is part of the pre-encryption sequence.
Recommendation
Review the alert in question and isolate the host immediately, since these requests occur before or during file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
ET MALWARE Diavol Communicating with CnC - Ignore Request
Description
This detection identifies Diavol ransomware requesting its ignore list (files and directories to leave untouched) from its command-and-control (C2) server, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; after registering a victim it retrieves its operating configuration from the C2 server over HTTP before encrypting files, so this request is part of the pre-encryption sequence.
Recommendation
Review the alert in question and isolate the host immediately, since these requests occur before or during file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
ET MALWARE Diavol Communicating with CnC - Key Request
Description
This detection identifies Diavol ransomware requesting the public key used by its encryption routine from its command-and-control (C2) server, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; the key request is part of the configuration it retrieves over HTTP before encrypting files.
Recommendation
Review the alert in question and isolate the host immediately, since these requests occur before or during file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
ET MALWARE Diavol Communicating with CnC - Landing Request
Description
This detection identifies Diavol ransomware sending the initial landing request of its command-and-control (C2) exchange, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; after registering a victim it retrieves its operating configuration from the C2 server over HTTP before encrypting files.
Recommendation
Review the alert in question and isolate the host immediately, since these requests occur before or during file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
ET MALWARE Diavol Communicating with CnC - Priority Request
Description
This detection identifies Diavol ransomware requesting the list of paths to encrypt first from its command-and-control (C2) server, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; the priority list is part of the configuration it retrieves over HTTP before encrypting files.
Recommendation
Review the alert in question and isolate the host immediately, since these requests occur before or during file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
ET MALWARE Diavol Communicating with CnC - Register M1
Description
This detection identifies Diavol ransomware registering a newly infected host with its command-and-control (C2) server (first request variant), as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; registration is the first step of its C2 exchange and is followed by configuration requests and then file encryption.
Recommendation
Review the alert in question and isolate the host immediately, since registration is followed by file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
ET MALWARE Diavol Communicating with CnC - Register M2
Description
This detection identifies Diavol ransomware registering a newly infected host with its command-and-control (C2) server (second request variant), as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; registration is the first step of its C2 exchange and is followed by configuration requests and then file encryption.
Recommendation
Review the alert in question and isolate the host immediately, since registration is followed by file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
ET MALWARE Diavol Communicating with CnC - Services Request
Description
This detection identifies Diavol ransomware requesting the list of services to stop before encryption from its command-and-control (C2) server, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; stopping services (typically backup and database services that hold files open) is a standard step ransomware takes so that more files can be encrypted.
Recommendation
Review the alert in question and isolate the host immediately, since these requests occur before or during file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
ET MALWARE Diavol Communicating with CnC - Wipe Request
Description
This detection identifies Diavol ransomware sending its ‘wipe’ request to its command-and-control (C2) server, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; this request is part of the configuration exchange it performs over HTTP before encrypting files.
Recommendation
Review the alert in question and isolate the host immediately, since these requests occur before or during file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
ET MALWARE Diavol HTTP Cookie Observed
Description
This detection identifies an HTTP cookie value characteristic of Diavol ransomware command-and-control (C2) traffic, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Diavol is ransomware that has been linked to the Trickbot operators; the cookie appears on its C2 requests, so this alert usually accompanies one of the Diavol request detections.
Recommendation
Review the alert in question and isolate the host immediately, since Diavol C2 traffic occurs before or during file encryption. Identify any other hosts contacting the same C2 server, rebuild affected hosts from a known, good source, restore data from backups validated as clean, and reset the credentials used on them.
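The Diavol rules above each fire on one request, but the sequence from a single host is what tells an analyst how far the ransomware has progressed. The following added example (not Rapid7’s code, and not part of the sensor) groups constructed sample alerts by source host, tags each alert with the stage its rule name implies, and escalates hosts that have pulled configuration from the C2 server; the log line format and the stage mapping are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample alerts (not real sensor output). The line format
# "<timestamp> <src_ip> -> <dst_ip> <rule name>" is an assumption for this example.
SAMPLE_ALERTS = """\
2024-03-01T10:02:11Z 10.0.5.23 -> 203.0.113.40 ET MALWARE Diavol Communicating with CnC - Register M1
2024-03-01T10:02:13Z 10.0.5.23 -> 203.0.113.40 ET MALWARE Diavol HTTP Cookie Observed
2024-03-01T10:02:15Z 10.0.5.23 -> 203.0.113.40 ET MALWARE Diavol Communicating with CnC - Key Request
2024-03-01T10:02:16Z 10.0.5.23 -> 203.0.113.40 ET MALWARE Diavol Communicating with CnC - Ext Request
2024-03-01T10:02:18Z 10.0.5.23 -> 203.0.113.40 ET MALWARE Diavol Communicating with CnC - Services Request
2024-03-01T10:05:00Z 10.0.7.9 -> 203.0.113.40 ET MALWARE Diavol HTTP Cookie Observed
2024-03-01T10:06:30Z 10.0.9.4 -> 198.51.100.7 ET MALWARE Diavol Communicating with CnC - Wipe Request
"""

ALERT_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) (?P<rule>ET MALWARE Diavol .+)$")

# Requests in which the ransomware pulls its operating configuration from the C2
# server. The grouping follows the rule names on this page; it is an analyst's
# mapping, not Rapid7's.
CONFIG_REQUESTS = ("Landing Request", "Key Request", "Ext Request", "Ignore Request",
                   "Priority Request", "Services Request", "Wipe Request")

def stage_of(rule):
    """Map a Diavol rule name to the stage of the C2 sequence it indicates."""
    if "Register" in rule:
        return "register"
    if any(r in rule for r in CONFIG_REQUESTS):
        return "config"
    return "contact"          # generic check-in or cookie match: C2 contact of unknown stage

def parse_alerts(text):
    """Parse alert lines into dicts, oldest first (ISO-8601 'Z' timestamps sort as text)."""
    alerts = [m.groupdict() for m in map(ALERT_RE.match, text.splitlines()) if m]
    return sorted(alerts, key=lambda a: a["ts"])

def correlate(alerts):
    """Per source host: stages seen in order, C2 addresses, severity, and other hosts on the same C2."""
    by_host = defaultdict(lambda: {"stages": [], "c2": set()})
    hosts_per_c2 = defaultdict(set)
    for a in alerts:
        by_host[a["src"]]["stages"].append(stage_of(a["rule"]))
        by_host[a["src"]]["c2"].add(a["dst"])
        hosts_per_c2[a["dst"]].add(a["src"])
    report = {}
    for src, info in by_host.items():
        seen = set(info["stages"])
        if "config" in seen:
            severity = "critical"     # configuration retrieved: encryption is imminent or under way
        elif "register" in seen:
            severity = "high"         # registered, but no configuration pulled yet
        else:
            severity = "medium"       # C2 contact only; confirm on the host
        related = set().union(*(hosts_per_c2[c2] for c2 in info["c2"])) - {src}
        report[src] = {"severity": severity, "stages": info["stages"],
                       "c2": sorted(info["c2"]), "related_hosts": sorted(related)}
    return report

if __name__ == "__main__":
    for host, info in correlate(parse_alerts(SAMPLE_ALERTS)).items():
        print(host, info)
```

Hosts that share a C2 address are listed under related_hosts, so the scoping step in the recommendation can start from the alert data rather than from a fresh search.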
ET MALWARE DirectsX CnC Checkin
Description
This detection identifies command-and-control check-in traffic from the DirectsX malware family, as observed by the Rapid7 Network Sensor (Insight Network Sensor). A check-in indicates the malware is already running on the host and reporting to its operator.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DirtJumper Activity
Description
This detection identifies command-and-control traffic from DirtJumper (also sold as RussKill), as observed by the Rapid7 Network Sensor (Insight Network Sensor). DirtJumper is a DDoS bot that receives its attack targets from an HTTP-based C2 panel, so an alert indicates a host that is, or is about to be, participating in DDoS attacks.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DistTrack/Shamoon CnC Beacon M1
Description
This detection identifies a command-and-control beacon from Shamoon (also known as DistTrack), as observed by the Rapid7 Network Sensor (Insight Network Sensor). Shamoon is a destructive wiper, first seen in the 2012 attack on Saudi Aramco and reused in later campaigns against energy and government organizations in the Middle East, that spreads across a network with harvested credentials, reports to a C2 server, and then overwrites files and the master boot record at a preset time.
Recommendation
Review the alert in question immediately. Because Shamoon detonates on a timer after spreading internally, isol­ate the beaconing host and any hosts reachable with the credentials it holds, preserve forensic images before rebuilding, rebuild from a known, good source, and rotate the credentials used on the host, which should be assumed compromised.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DistTrack/Shamoon CnC Beacon M2
Description
This detection identifies a second beacon pattern from Shamoon (also known as DistTrack), as observed by the Rapid7 Network Sensor (Insight Network Sensor). Shamoon is a destructive wiper that spreads across a network with harvested credentials, reports to a C2 server, and then overwrites files and the master boot record at a preset time.
Recommendation
Review the alert in question immediately. Because Shamoon detonates on a timer after spreading internally, isolate the beaconing host and any hosts reachable with the credentials it holds, preserve forensic images before rebuilding, rebuild from a known, good source, and rotate the credentials used on the host, which should be assumed compromised.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DLoader File Download Request Activity
Description
This detection identifies a file download request made by the DLoader downloader family, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Downloaders of this kind are a first stage whose purpose is to fetch and run the attacker’s main payload, so the file served in response should be retrieved and analysed if it is still available.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DMSpammer HTTP Post Checkin
Description
This detection identifies an HTTP POST check-in from DMSpammer, as observed by the Rapid7 Network Sensor (Insight Network Sensor). DMSpammer is a spam bot; the check-in reports the infected host to its C2 server and retrieves spamming tasks, so the host is likely sending unsolicited e-mail.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSpionage Commands Embedded in Webpage Inbound
Description
This detection identifies DNSpionage command content embedded in an inbound web page, as observed by the Rapid7 Network Sensor (Insight Network Sensor). DNSpionage is a targeted campaign, reported by Cisco Talos in 2018, against government and telecommunications organizations in the Middle East; its malware retrieves commands hidden in otherwise benign-looking web pages and can fall back to DNS tunnelling for command-and-control.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSpionage Requesting Config
Description
This detection identifies the DNSpionage malware requesting its configuration from its command-and-control server, as observed by the Rapid7 Network Sensor (Insight Network Sensor). DNSpionage is a targeted campaign, reported by Cisco Talos in 2018, against government and telecommunications organizations in the Middle East, so an alert indicates an active implant rather than commodity malware.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (1)
Description
This detection identifies network activity from a fake-antivirus (FakeAV) dropper in the DNSTrojan family, as observed by the Rapid7 Network Sensor (Insight Network Sensor). FakeAV droppers install rogue security software that displays bogus infection warnings to pressure the user into paying for a ‘licence’, and often fetch further components after installation.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (2)
Description
This detection identifies a second pattern of network activity from a fake-antivirus (FakeAV) dropper in the DNSTrojan family, as observed by the Rapid7 Network Sensor (Insight Network Sensor). FakeAV droppers install rogue security software that displays bogus infection warnings to pressure the user into paying for a ‘licence’, and often fetch further components after installation.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Domen SocEng Redirect - Landing Page Observed
Description
This detection identifies the landing page of the Domen social-engineering toolkit, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Domen is injected into compromised websites and displays a fake browser or Flash Player update prompt tailored to the visitor’s browser and language; the ‘update’ it offers is a malware loader, so a user who accepted it should be assumed infected.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonBot Checkin
Description
This detection identifies a check-in from DonBot, as observed by the Rapid7 Network Sensor (Insight Network Sensor). DonBot is a spam botnet; the check-in reports the host to its C2 server and retrieves spamming instructions, so the host is likely sending unsolicited e-mail.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donkeyp2p Update Detected
Description
This detection identifies the Donkeyp2p client checking for an update, as observed by the Rapid7 Network Sensor (Insight Network Sensor). The update request shows that this peer-to-peer software, which the Emerging Threats ruleset classifies as malware, is installed on the host.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donot (APT-C-35) Stage 1 Requesting Main Payload
Description
This detection identifies the first-stage downloader used by Donot Team (APT-C-35) requesting its main payload, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Donot Team is a South Asian espionage group that targets government and military organizations in Pakistan and neighbouring countries with its modular ‘yty’ malware framework, which is typically delivered through malicious Office documents.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donot (APT-C-35) Stage 1 Requesting Persistence Setup File
Description
This detection identifies the first-stage downloader used by Donot Team (APT-C-35) requesting the file it uses to set up persistence, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Donot Team is a South Asian espionage group that targets government and military organizations in Pakistan and neighbouring countries with its modular ‘yty’ malware framework.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies an HTTP GET request made by a malicious document (maldoc) used by Donot Team, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Such requests typically fetch the next stage after the user enables macros or the document loads a remote template, so the user who opened the document and the file served in response should both be identified.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Pult Downloader Activity (POST)
Description
This detection identifies an HTTP POST from the ‘Pult’ downloader used by Donot Team, as observed by the Rapid7 Network Sensor (Insight Network Sensor). The downloader posts to the attacker’s server to report the host and retrieve the next-stage payload.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Template Download
Description
This detection identifies a Donot Team malicious document fetching a remote Office template, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Remote template injection lets an attachment that contains no macros itself pull macro-bearing content from the attacker’s server when it is opened, which bypasses static inspection of the attachment.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dooptroop CnC Beacon
Description
This detection identifies a command-and-control beacon from the Dooptroop malware family, as observed by the Rapid7 Network Sensor (Insight Network Sensor). A beacon indicates the malware is installed and reporting to its operator.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dooptroop Dropper Checkin
Description
This detection identifies the Dooptroop dropper checking in with its server, as observed by the Rapid7 Network Sensor (Insight Network Sensor). A dropper check-in normally precedes download of the main payload, so the host should be examined for newly written executables.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dorkbot GeoIP Lookup to wipmania
Description
This detection identifies a Dorkbot infection querying the wipmania.com GeoIP service, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Dorkbot is an IRC-controlled worm and password stealer that spreads through removable drives, instant messaging, and social networks; it looks up the victim’s country on infection, so this request is an early indicator of an active infection rather than a blocked download.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dorkbot Loader Payload Request
Description
This detection identifies the Dorkbot loader requesting its payload, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Dorkbot is an IRC-controlled worm and password stealer; the loader fetches the bot itself, so the host should be treated as infected even if the download was blocked, since the loader is already running.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dosenjo/Kvadr Proxy Trojan Activity
Description
This detection identifies network activity from the Dosenjo/Kvadr proxy trojan, as observed by the Rapid7 Network Sensor (Insight Network Sensor). A proxy trojan turns the infected host into a relay for the attacker’s traffic, so the host may generate outbound connections unrelated to its user and its external address may appear in abuse reports.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downadup/Conficker A or B Worm reporting
Description
This detection identifies an infected host reporting in to the infrastructure of the Conficker worm (also known as Downadup), as observed by the Rapid7 Network Sensor (Insight Network Sensor). Conficker spread in 2008 and 2009 by exploiting the MS08-067 vulnerability in the Windows Server service, brute-forcing administrative shares, and infecting removable media; the A and B variants contact a daily-generated list of domains to report in and check for updates, and an alert today usually indicates a legacy or unpatched host.
Recommendation
Review the alert in question. Rebuild the host from a known, good source with MS08-067 applied and Autorun disabled, have the user change their password, and, because the worm spreads over SMB, check for other unpatched or infected hosts on the same network segment.
ET MALWARE Downeks Checkin
Description
This detection identifies a check-in from the Downeks downloader, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Downeks has been used in targeted attacks against organizations in the Middle East, where it delivers the Quasar remote-access trojan; its check-in reports host details to the attacker before the payload is fetched.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downeks Variant CnC Beacon
Description
This detection identifies a command-and-control beacon from a Downeks variant, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Downeks has been used in targeted attacks against organizations in the Middle East, where it delivers the Quasar remote-access trojan.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Downloaded .bat Disables Real Time Monitoring
Description
This detection identifies a batch file, downloaded over HTTP, that contains a command disabling Windows Defender real-time monitoring (such as PowerShell’s Set-MpPreference -DisableRealtimeMonitoring), as observed by the Rapid7 Network Sensor (Insight Network Sensor). Malware downloads such scripts to blind endpoint defences before dropping its main payload; the alert fires on the download, so the script may or may not have run yet.
Recommendation
Review the alert in question and retrieve the script from the sensor or proxy logs if it is still available. Check whether Defender real-time protection is currently disabled on the host; if it is, or if other malicious activity is found, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloaded .bat Disables Windows Defender
Description
This detection identifies a batch file, downloaded over HTTP, that contains commands disabling Windows Defender (such as stopping the WinDefend service or setting the DisableAntiSpyware policy value), as observed by the Rapid7 Network Sensor (Insight Network Sensor). Malware downloads such scripts to blind endpoint defences before dropping its main payload; the alert fires on the download, so the script may or may not have run yet.
Recommendation
Review the alert in question and retrieve the script from the sensor or proxy logs if it is still available. Check whether Windows Defender is currently disabled or stopped on the host; if it is, or if other malicious activity is found, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloaded Script Disables Firewall/Antivirus
Description
This detection identifies a downloaded script that disables the Windows Firewall or installed antivirus software (for example with netsh advfirewall set allprofiles state off, or by stopping security services), as observed by the Rapid7 Network Sensor (Insight Network Sensor). Malware downloads such scripts to blind host defences before dropping its main payload; the alert fires on the download, so the script may or may not have run yet.
Recommendation
Review the alert in question and retrieve the script from the sensor or proxy logs if it is still available. Check whether the firewall or antivirus is currently disabled on the host; if it is, or if other malicious activity is found, rebuild the host from a known, good source and have the user change their password.
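The three rules above fire on the script as it crosses the network, so the first response step is to confirm what it would do on the host. As an added example (the author’s, not Rapid7’s or the Emerging Threats ruleset’s matching logic, whose exact patterns this page does not show), the following Python scans a constructed batch file for defence-tampering commands after stripping cmd.exe caret escapes and decoding any PowerShell -EncodedCommand argument, two common ways such scripts hide the strings a plain signature would catch. The sample script and the indicator patterns are this example’s own.

```python
import base64
import re

# Constructed sample script (not a real sample): a batch file of the kind these
# rules detect in transit. It includes a caret-escaped command and a base64-encoded
# PowerShell command, two cheap tricks used to defeat naive string matching.
ENCODED_CMD = base64.b64encode(
    "Set-MpPreference -DisableIOAVProtection $true".encode("utf-16le")).decode()
SAMPLE_BAT = rf"""@echo off
powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
net^sh advfirewall set allprofiles state off
powershell -nop -w hidden -enc {ENCODED_CMD}
start payload.exe
"""

# Indicators of defence tampering. The exact strings the ET rules match on are not
# shown on this page, so these patterns are the author's own, chosen to cover the
# commands such scripts most often contain.
INDICATORS = {
    "defender_preference_disabled": re.compile(
        r"Set-MpPreference\b[^\r\n]*?-Disable\w+\s+(?:\$true|1)\b", re.I),
    "defender_policy_disabled": re.compile(
        r"DisableAntiSpyware\b[^\r\n]*?/d\s+1\b", re.I),
    "defender_service_stopped": re.compile(
        r'\b(?:net|sc)(?:\.exe)?\s+(?:stop|config)\s+"?(?:WinDefend|MsMpSvc|WdNisSvc|Sense)\b', re.I),
    "firewall_disabled": re.compile(
        r"netsh\s+(?:advfirewall\s+set\s+\w+\s+state\s+off|firewall\s+set\s+opmode\s+(?:mode=)?disable)", re.I),
}

# powershell.exe accepts any unambiguous prefix of -EncodedCommand; the argument is
# base64 of a UTF-16LE string.
ENCODED_ARG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)

def deobfuscate(text):
    """Remove cmd.exe caret escapes and append the plaintext of any -EncodedCommand arguments."""
    text = text.replace("^", "")
    decoded = []
    for blob in ENCODED_ARG.findall(text):
        try:
            decoded.append(base64.b64decode(blob).decode("utf-16le"))
        except (ValueError, UnicodeDecodeError):
            continue       # not a PowerShell encoded command after all
    return "\n".join([text] + decoded)

def scan_script(text):
    """Return the sorted names of defence-tampering indicators found in a script body."""
    body = deobfuscate(text)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(body))

if __name__ == "__main__":
    print(scan_script(SAMPLE_BAT))
```

Run the same scan over the script body recovered from the sensor or proxy; each indicator name tells you which setting to check on the host before deciding whether the rebuild step is needed.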
ET MALWARE Downloader-5265/Torpig/Anserin/Sinowal Unique UA (MSID)
Description
This detection identifies the distinctive User-Agent string sent by Torpig (also known as Sinowal or Anserin), as observed by the Rapid7 Network Sensor (Insight Network Sensor). Torpig is a banking trojan, installed by the Mebroot master-boot-record rootkit, that steals credentials from browsers, e-mail and FTP clients and injects content into banking sessions.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source, making sure the master boot record is rewritten rather than only the system partition restored, since Mebroot lives in the MBR; have the user change their passwords, banking credentials included.
ET MALWARE Downloader.Banload2.KZU Checkin 1
Description
This detection identifies a check-in from the Banload2.KZU downloader, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Banload is a family of downloaders, usually spread through Portuguese-language spam, that installs Brazilian banking trojans; the check-in reports the infection before the banker is fetched.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Banload2.KZU Checkin 2
Description
This detection identifies a second check-in pattern from the Banload2.KZU downloader, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Banload is a family of downloaders, usually spread through Portuguese-language spam, that installs Brazilian banking trojans.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DownloaderExchanger/Cbeplay Variant Checkin
Description
This detection identifies a check-in from a variant of the DownloaderExchanger/Cbeplay family, as observed by the Rapid7 Network Sensor (Insight Network Sensor). The check-in reports the infected host and precedes download of further components.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader General Bot Checking In via HTTP Post (bot_id push)
Description
This detection identifies a bot posting a bot_id value to its server over HTTP, as observed by the Rapid7 Network Sensor (Insight Network Sensor). This check-in pattern is shared by a number of downloader families rather than tied to one, so the payload fetched afterwards determines the actual threat.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader (P2P Zeus dropper UA)
Description
This detection identifies the User-Agent sent by the dropper for Gameover Zeus (P2P Zeus), as observed by the Rapid7 Network Sensor (Insight Network Sensor). Gameover Zeus is a banking trojan variant that replaced the centralized C2 of earlier Zeus builds with a peer-to-peer network, making takedown harder; the dropper sends this User-Agent when fetching the bot itself.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin
Description
This detection identifies a check-in from the Downloader.VB.TX / Backdoor.Win32.DSSdoor family, as observed by the Rapid7 Network Sensor (Insight Network Sensor). A check-in indicates the backdoor is installed and reporting to its operator.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Adload (KaiXin Payload) Config Download
Description
This detection identifies the Adload payload delivered by the KaiXin exploit kit downloading its configuration, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Adload is an adware and downloader family; an alert indicates the host was successfully exploited by the kit and is now fetching instructions.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Banload Reporting
Description
This detection identifies the Banload downloader reporting an infection to its server, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Banload is usually spread through Portuguese-language spam and installs Brazilian banking trojans.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Geral Checkin
Description
This detection identifies a check-in from the Downloader.Win32.Geral family, as observed by the Rapid7 Network Sensor (Insight Network Sensor). A downloader check-in normally precedes retrieval of the main payload, so the host should be examined for newly written executables.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader Win32.Small.agoy Checkin
Description
This detection identifies a check-in from the Downloader.Win32.Small.agoy variant, as observed by the Rapid7 Network Sensor (Insight Network Sensor). ‘Small’ is a generic name for small, simple downloaders whose only job is to fetch and execute the next stage.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Small CnC Beacon
Description
This detection identifies a command-and-control beacon from a Downloader.Win32.Small variant, as observed by the Rapid7 Network Sensor (Insight Network Sensor). ‘Small’ is a generic name for small, simple downloaders whose only job is to fetch and execute the next stage.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1
Description
This detection identifies a command-and-control beacon from Goodor, a backdoor written in Go, as observed by the Rapid7 Network Sensor (Insight Network Sensor). Goodor was deployed by Dragonfly (also known as Energetic Bear), a Russia-linked espionage group that targets energy-sector organizations, in its 2017 campaign; a beacon indicates an active implant on the host.
Recommendation
Review the alert in question. Because Dragonfly activity indicates a targeted intrusion, scope for lateral movement and other compromised hosts before remediating, then rebuild affected hosts from a known, good source and reset the credentials used on them.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dridex Base64 Executable
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
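The rule above looks for an executable delivered as base64 text. As an added illustration (not Rapid7’s or the Emerging Threats signature logic, whose content matching is not shown on this page), the following Python decodes long base64 runs in an HTTP body and checks for a PE image by validating the MZ header and the PE signature at e_lfanew; it also shows why a text signature needs three variants, one per byte alignment of the base64 stream. The HTML body and the PE-shaped blob are constructed for the example.

```python
import base64
import re
import struct

def base64_alignments(prefix=b"MZ\x90\x00\x03\x00"):
    """Base64 fragments that encode `prefix` at each of the three byte alignments.

    A signature that only matches 'TVqQ' (alignment 0) misses a stream in which
    one or two bytes precede the MZ header, because every base64 character then
    straddles different input bytes.
    """
    fragments = []
    for shift in range(3):
        padded = b"\x00" * shift + prefix
        groups = len(padded) // 3                          # complete 3-byte groups only
        encoded = base64.b64encode(padded)[: groups * 4]
        fragments.append(encoded[(0, 2, 3)[shift]:].decode())  # drop chars that depend on the filler
    return fragments

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")

def looks_like_pe(data, at):
    """True if data[at:] starts with an MZ header whose e_lfanew points at a PE signature."""
    if data[at:at + 2] != b"MZ" or len(data) < at + 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", data, at + 0x3C)[0]
    return 0x40 <= e_lfanew <= 0x1000 and data[at + e_lfanew:at + e_lfanew + 4] == b"PE\x00\x00"

def find_embedded_pe(body):
    """Decode each long base64 run in an HTTP body; report those that contain a PE image."""
    hits = []
    for m in B64_RUN.finditer(body):
        try:
            decoded = base64.b64decode(m.group(0), validate=True)
        except ValueError:                # binascii.Error is a ValueError: bad length or padding
            continue
        pos = decoded.find(b"MZ")
        while pos != -1:
            if looks_like_pe(decoded, pos):
                hits.append({"body_offset": m.start(), "pe_offset": pos, "decoded_len": len(decoded)})
                break
            pos = decoded.find(b"MZ", pos + 1)
    return hits

# Constructed sample: a PE-shaped blob (MZ header, e_lfanew = 0x80, PE signature;
# not a runnable executable) delivered base64-encoded inside an HTML body with two
# filler bytes in front of it, so the encoded text does not start with 'TVqQ'.
FAKE_PE = (b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 0x34 + struct.pack("<I", 0x80)
           + b"\x00" * 0x40 + b"PE\x00\x00" + b"\x00" * 64)
SAMPLE_BODY = (b"<html><body><script>var d='" + base64.b64encode(b"\x01\x02" + FAKE_PE)
               + b"';</script></body></html>")

if __name__ == "__main__":
    print("alignment fragments:", base64_alignments())
    print("embedded PE images:", find_embedded_pe(SAMPLE_BODY))
```

The decode-and-validate approach is what you would use when triaging a captured response; a network signature cannot afford to decode every body, which is why it has to carry all three alignment fragments instead.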
ET MALWARE Dridex/Bugat/Feodo Cookie
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user’s Application Data directory (%APPDATA%; on Windows Vista and later this is C:\Users\<username>\AppData\Roaming, and ‘Application Data’ is a compatibility junction that points to it). The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users\<username>\Application Data\kb208351.exe and C:\Users\<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key value that starts the executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious values under HKCU\Software\Microsoft\Windows\CurrentVersion\Run, should be checked, validated, and removed.
ET MALWARE Dridex/Bugat/Feodo GET Checkin
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user’s Application Data directory (%APPDATA%; on Windows Vista and later this is C:\Users\<username>\AppData\Roaming, and ‘Application Data’ is a compatibility junction that points to it). The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users\<username>\Application Data\kb208351.exe and C:\Users\<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key value that starts the executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious values under HKCU\Software\Microsoft\Windows\CurrentVersion\Run, should be checked, validated, and removed.
ET MALWARE Dridex/Bugat/Feodo POST Checkin
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user’s Application Data directory (%APPDATA%; on Windows Vista and later this is C:\Users\<username>\AppData\Roaming, and ‘Application Data’ is a compatibility junction that points to it). The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users\<username>\Application Data\kb208351.exe and C:\Users\<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key value that starts the executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious values under HKCU\Software\Microsoft\Windows\CurrentVersion\Run, should be checked, validated, and removed.
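The investigation described above (for this and the two preceding Bugat entries) is mechanical enough to script. The following is an added example, not Rapid7’s code and not Dridex/Bugat tooling: it applies the naming convention to a constructed listing of %APPDATA% and to a constructed .reg export of the user’s Run key, and reports the Run values and files that point at matching executables. The sample data is made up, and only REG_SZ values are parsed.

```python
import re

# Naming convention from the recommendation above: eight hexadecimal characters,
# or "kb" followed by digits, with an .exe extension.
BUGAT_NAME = re.compile(r"^(?:[0-9a-f]{8}|kb\d+)\.exe$", re.I)

# Directory names that resolve to the user's roaming Application Data folder.
APPDATA_PARENTS = ("\\application data", "\\appdata\\roaming", "%appdata%")

def is_bugat_artifact(path):
    """True if `path` is an .exe in Application Data whose name fits the Bugat convention."""
    parts = path.replace("/", "\\").rstrip("\\").split("\\")
    if len(parts) < 2 or not BUGAT_NAME.match(parts[-1]):
        return False
    parent = "\\".join(parts[:-1]).lower()          # Windows paths are case-insensitive
    return any(parent.endswith(p) for p in APPDATA_PARENTS)

# Minimal .reg reader: "[key]" lines and "name"="data" (REG_SZ) lines. In .reg files a
# backslash is written as \\ and a double quote as \" inside string data.
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_SZ_VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.I)

def reg_unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_run_entries(reg_text):
    """Yield (key, value_name, command) for REG_SZ values under a Run/RunOnce key."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        k = REG_KEY.match(line)
        if k:
            key = k.group(1)
            continue
        v = REG_SZ_VALUE.match(line)
        if v and key and RUN_KEY.search(key):
            yield key, reg_unescape(v.group("name")), reg_unescape(v.group("data"))

EXE_PATH = re.compile(r"(.*?\.exe)(?=\s|$)", re.I)

def command_target(command):
    """Extract the program path from a Run value, which may be quoted and carry arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_PATH.match(command)                     # unquoted path, possibly containing spaces
    return m.group(1) if m else command.split(" ", 1)[0]

def triage(reg_text, file_listing):
    """Flag Run-key targets and listed files that match the Bugat location and naming convention."""
    findings = [("run_key", f"{key}\\{name}", command_target(cmd))
                for key, name, cmd in parse_run_entries(reg_text)
                if is_bugat_artifact(command_target(cmd))]
    findings += [("file", path, path) for path in file_listing if is_bugat_artifact(path)]
    return findings

# Constructed sample export of the user's Run key (not from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"kb208351"="C:\\Users\\alice\\AppData\\Roaming\\kb208351.exe"
"Updater"="\"C:\\Users\\alice\\Application Data\\3a83cd09.exe\" -s"
'''

# Constructed directory listing of %APPDATA% on the same host.
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Roaming\kb208351.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini",
    r"C:\Users\alice\AppData\Roaming\3a83cd09.exe",
    r"C:\Users\alice\AppData\Roaming\notes.exe",
]

if __name__ == "__main__":
    for kind, where, target in triage(SAMPLE_REG, SAMPLE_FILES):
        print(kind, where, "->", target)
```

On a real host, reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg writes the file as UTF-16 with a byte-order mark, so open it with encoding='utf-16' before passing the text in; hex(2) and multi-line values, which the Run key rarely contains, are skipped by the reader.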
ET MALWARE Dridex CnC Request - Spam/Worm Component
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex DL Pattern Feb 18 2016
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex POST Checkin
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex Post Check-in Activity
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex POST Retrieving Second Stage
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex v2 POST Checkin
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Driveby Exploit Attempt Often to Install Monkif
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Driveby Loader Request List.php
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Drop.Agent.bfsv HTTP Activity (UsER-AgENt)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Binary Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Binary Request M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Domain (ahgwqrq .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Encoded Binary - Server Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dumador Reporting User Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DustySky CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DustySky Payload Link Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyre CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Ex-filtrating Data
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Fake Server Header
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Done
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Started
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/DarkStealer Variant CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/DarkStealer Variant CnC Exfil M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/Mist Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ElectroRAT CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/AbcBot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/AbcBot Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF_BASHLITE.SMB Dropping Files
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Chacha.DDoS/Xor.DDoS Stage 2 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/DarkNexus User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Kinsing Payload Request M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Kinsing Payload Request M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/LiLocked Ransom Note in HTTP Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/MachO.Netwire Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mayhem Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Loader Activity M1 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Loader Activity M2 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai User-Agent Observed (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Cakle)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Damien)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Hentai)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (lessie)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (muhstik)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Rift)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Shaolin)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Solar)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Tsunami)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Yakuza)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Yowai)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Cakle)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Damien)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Hentai)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (lessie)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (muhstik)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Ouija_x.86)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (ph0ne)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Rift)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Shaolin)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Solar)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Tsunami)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Yakuza)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Yowai)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/muBoT User-Agent (I’m a mu mu mu ?)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Attempting to Download Payload
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Bot Reporting Vulnerable Server to CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Scanner Module Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/RedXOR CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/RedXOR CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/TooEasy Miner CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Win32 Lucky Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ELF/Win32 Lucky Ransomware Encryption Process Started
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE EMAIL SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Certificate Observed M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Emotet Post Drop C2 Comms M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet v2 Exfiltrating Outlook information
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Wifi Bruter Module Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enfal CnC GET
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enfal CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enigma Locker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [eSentire] Cobalt Strike Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [eSentire] VBS Retrieving Malicious Payload
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ESPecter Bootkit Initialization Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ETag HTTP Header Observed at CNCERT Sinkhole
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EtumBot Ping
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EtumBot Registration Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EUPUDS.A Requests for Boleto replacement
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil Google Drive Download
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil Monero Cryptocurrency Miner Request Pools
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evilnum Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Checkin Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Client Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Error Report
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil PDF Retrieving Emotet Payload
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer Retrieving CnC Information
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Executable Download Purporting to be JavaScript likely 2nd stage Infection
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EXE Download When Server Claims To Send Audio File - Must Be Win32
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Exorcist 2.0 Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE FaceBook IM & Web Driven Facebook Trojan Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKBEN Ransomware
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE FAKE AOL SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Check-in purporting to be MSIE with invalid terse HTTP headers
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAvCn-A Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAvCn-A Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.dfze/FakeAV!IK Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake AV Downloader.Onestage/FakeAlert.ZR User-Agent (AV1)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.EGZ Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.EGZ Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV FakeSmoke HTTP POST check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake AV GET
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE AV HTTP CnC Post
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Install
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Landing Page
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Landing Page (aid sid)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV oms.php Data Post
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV security_scanner.exe
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV User-Agent XML
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FakeAV Win32/Antivirus2008 CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Faked Russian Opera UA without Accept - probable downloader
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Google Chrome Notifications Installer
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake IBM SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKEIE Minimal Headers (flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE/ROGUE AV/Security Application Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake/Short Google Search Appliance UA Win32/Ranbyus and Others
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Variation of Mozilla 4.0 - Likely Trojan
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Virtually SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Windows Scam ScreenLocker
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE YAHOO SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fareit/Pony Downloader Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fareit/Pony Downloader Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Farfli HTTP Checkin Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fasec/FakeAV Alert/Keylogger/Dropper/DNSChanger Possible Rootkit - HTTP GET
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS RAM Scraper Sending Details
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Reporting Error Code
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Sending Keystrokes
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Sending Status Logs
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Software Update Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Successful Software Update Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Version Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FBot Downloader Generic GET for ARM Payload
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Felismus CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Felismus CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FF-RAT Stage 1 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FighterPOS CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FighterPOS CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Fileless infection dropped by EK CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Filename explorer.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename hkcmd.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename server.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename svchost.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN6 StealerOne CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Variant Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FindPOS Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.BEACON M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (databasegalore .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (incomeupdate .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (panhardware .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (zupertech .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to avsvmcloud .com
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to deftsecurity .com
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to digitalcollege .org
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to freescanonline .com
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to thedoccloud .com
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to virtualdataserver .com
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M4
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (avsvmcloud .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (deftsecurity .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (digitalcollege .org)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (freescanonline .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (highdatabase .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (thedoccloud .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (virtualdataserver .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (websitetheme .com)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (databasegalore .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (deftsecurity .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (freescanonline .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (highdatabase .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (incomeudpate .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (panhardware .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (thedoccloud .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (websitetheme .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (zupertech .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] PULSECHECK Webshell Access Outbound
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FlashBack Mac OSX malware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FoggyWeb Backdoor Incoming Request (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FoggyWeb Backdoor Incoming Request (POST)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Formbook 0.3 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FormBook CnC Checkin (POST) M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FortDisco Reporting Status
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M4
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRat check-in (Data)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRat check-in (Yuok)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRatReporter check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRAT Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRAT Downloader Error Report POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRat WebSocket Request M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRat WebSockets Request M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FraudLoad.aww HTTP CnC Post
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fraudload/FakeAlert/FakeVimes Downloader - POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop UA LETITGO
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop UA single
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fruspam polling for IP likely infected
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FTCode Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FTCode Stealer Init Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fullz House Credit Card Skimmer Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fullz House Credit Card Skimmer JavaScript Inbound
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gaboc Trojan Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Galock Ransomware Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Gamania Trojan Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon/Armageddon Activity (Retrieving Remote .dot)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon/Armageddon CnC Activity (Sending Windows System Information)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon File Stealer POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon MalDoc CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Style MalDoc .dot Download on freedynamicdns .org
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamarue/Andromeda Downloading Payload
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gameredon Loader Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamut Spambot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamut Spambot Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GandCrab Style External IP Check (Spoofed Yahoo Host)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GanDownloader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gasket CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gasket Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gasket Submitting Logs to CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gatak CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gazer HTTP POST Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M5
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Banker.PWS POST Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Downloader Checkin URL (GUID+)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Trojan Downloader
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Win32 Backdoor Checkin POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Win32 Backdoor Checkin POST Packet 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic - 8Char.JAR Naming Algorithm
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic .bin download from Dotted Quad
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Bot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Checkin - MSCommonInfoEx
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Downloader checkin (3)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Downloader Checkin - HTTP GET
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Downloader - HTTP POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Dropper/Clicker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Dropper Installing PUP 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Dropper Installing PUP 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic gate .php GET with minimal headers
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GENERIC Likely Malicious Fake IE Downloading .exe
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic.Malware.SFL User-Agent (Rescue/9.11)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Password Stealer User Agent Detected (RookIE)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic -POST To file.php w/Extended ASCII Characters
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic - POST To .php w/Extended ASCII Characters
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Request to gate.php Dotted-Quad
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Spambot (often Tibs) Post-Infection Checkin (justcount.net likely)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Trojan Checkin (UA VBTagEdit)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Trojan with /? and Indy Library User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Win32.Autorun HTTP Post
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Genome User-Agent (Http Down)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Geocon CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georbot checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georbot initial checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georbot requesting update
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georgian Targeted Attack - Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GET to Google with specific HTTP lib likely Cycbot/Bifrose/Kryptic checking Internet connection
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gimemo Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GlitchPOS CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Glupteba CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Go/Anubis CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoBrut/StealthWorker Requesting Brute Force List (flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoBrut/StealthWorker Service Bruter CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoBrut/StealthWorker Service Bruter CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Godlua Backdoor Downloading Encrypted Lua
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Go/Hack Browser Data Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoLang Discord Token Grabber Exfil
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoldenSpy CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoldenSpy CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gootkit Checkin User-Agent 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Go/PSW.Agent_AGen.A Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GORGON APT Download Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GORGON APT Download Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi/BlackNet Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi check-in / update
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi Communication 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi/Ursnif/Papras Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi/Ursnif/Papras Grabftp Module Download
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Grandoreiro CnC Activity (vbs)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Grandoreiro Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GreenDou Downloader User-Agent (hello crazyk)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gulpix/PlugX Client Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE H1N1 Loader CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE H1N1 Loader CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE HabitsRAT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE hacker87 checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Android Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Elite Windows Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Scout Windows Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HackTool.Linux.SSHBRUTE.A Haiduc Initial Compromise C2 POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hades APT Downloader Attempting to Retrieve Stage 2 Payload
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hangover Campaign Keylogger 2 checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hangover Campaign Keylogger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Harvester Group Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Havex RAT CnC Server Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Havex RAT CnC Server Response HTML Tag
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HAWKBALL CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HAWKBALL CnC Initial Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HAWKBALL CnC Sending System Information
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Haxdoor Reporting User Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Haxdoor Reporting User Activity 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HB_Banker16 Get
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Higaisa CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Higaisa CnC (ipconfig)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Higasia CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HighTide trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hiloti loader installed successfully request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hiloti loader requesting payload URL
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hiloti/Mufanom Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hitpop.AG/Pophot.az HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hoax.Win32.BadJoke/DownLoader1.57593 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HompesA Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTA.BabyShark Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTA.BabyShark HTTP Exfil
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTML/Xbash Hex Encoded PowerShell Args Inbound - Stage 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTML/Xbash Hex Encoded PS WebClient Object Inbound - Stage 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTML/Xbash Hex Encoded WScript.Shell Inbound - Stage 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Andromeda File Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Connection To Known Sinkhole Domain sinkdns.org
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPCore CnC Tasking File
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPCore CnC Task Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPCore CnC Task Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Request for Possible ELF/LiLocked Ransomware Note
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE HTTP Request to a *.pw domain with direct request/fake browser (multiple families flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Request to a *.su domain with direct request/fakebrowser (multiple families flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPTool User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon.DF Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon URL Infection Checkin Detected
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon User Agent Detected (??)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon User Agent Detected (RAV1.23)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon User Agent Detected (VIP2007)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HYDSEVEN VBS CnC Host Information Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID CnC Domain in SSL/TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE IcedID/Emotet Certificate Observed M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID Observed Domain (loadfreeman .casa in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID WebSocket Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ICEFOG JAVAFOG JAR checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ICEFOG-P Variant CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ICEFOG-P Variant CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IceRat Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IceRat CnC Acitivty M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE iebar Spyware User Agent (iebar)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IIStealer Inbound Exfil Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IIStealer Inbound Exfil Request M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Illusion Bot (Lussilon) Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent IAMDDOS
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent kav
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent STORMDDOS
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent YTDDOS
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound JasperLoader Using Array Push Obfuscation
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound MonetizeUs/LNKR Struct
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound PowerShell Executing Base64 Decoded VBE from Temp 2018-11-29
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound PowerShell Saving Base64 Decoded Payload to Temp M1 2018-11-29
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound PowerShell Saving Base64 Decoded Payload to Temp M2 2018-11-29
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inception APT malware
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Incorrectly formatted User-Agent string (dashes instead of semicolons) Likely Hostile
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IndigoZebra APT BoxCaon DropBox Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IndigoZebra APT xCaon/Textpadx Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE indux.php check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE InfoBot Sending LAN Details
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE InfoBot Sending Machine Details
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Bancos ProxyChanger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Banprox Proxy.pac Download
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Jackpos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Jackpos Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Mysayad Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Mysayad Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Instagram Like Bot (like4u) CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Instagram Like Bot (like4u) CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Internet Protection FakeAV checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IOS.Oneclickfraud HTTP Host
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IP Grabber CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IrcBot Downloading .old
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IrcBot Fantasy Name Gen
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ironhalo CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Iron/Maktub Locker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ISMAgent CnC Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ISRStealer Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IsSpace/Zacom Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ixeshe/Mecklow Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ixeshe/Mecklow Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IXWARE Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JackPOS XOR Encoded HTTP Client Body (key AA)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jadtree Downloader rar
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jaff Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Jaff Ransomware Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE JAR/Qealler Stealer HTTP Headers Observed
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasmin Ransomware C2 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE JasperLoader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M4
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Java Archive sent when remote host claims to send an image
Description
This detection identifies an HTTP response whose Content-Type header declares an image while the body begins with a Java archive signature (a JAR is a ZIP container), using the Rapid7 Network Sensor (Insight Network Sensor). Disguising an executable payload as an image is a common way to slip past naive content filtering and has very few legitimate uses, so the mismatch itself is the indicator, whatever server is involved.
Recommendation
Review the alert in question, including the session that fetched the archive and the page or process that requested it; the response body can be carved from the session and hashed for analysis. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Java Download non Jar file
Description
This detection identifies a download made by a Java client (recognised by its Java user agent) whose returned content is not a Java archive, using the Rapid7 Network Sensor (Insight Network Sensor). Java applications normally fetch JAR files or data; a Java process pulling down an executable is characteristic of Java-based droppers retrieving their second stage.
Recommendation
Review the alert in question and identify the Java process and the JAR it was launched from. If necessary, rebuild the host from a known, good source and have the user change their password.
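The two entries above hinge on the same check: what the server says it is sending versus what the bytes actually are. The Python below is an added example, not Rapid7's or Emerging Threats' signature logic, showing that check over constructed request/response pairs. It sniffs the body's magic bytes (JAR/ZIP, PE, JPEG, PNG, GIF), flags an image Content-Type that carries a JAR or PE, and flags a Java client (User-Agent beginning with "Java/") fetching a Windows executable. Narrowing the "non-JAR" condition to executables, to keep it usable on real traffic, is an assumption of this example, as are the sample messages.

```python
"""
Added example (not Rapid7 or Emerging Threats code): spot an HTTP response whose
declared Content-Type disagrees with what the body actually is, and a Java client
fetching something that is not a JAR. Sample requests/responses are constructed.
"""
from typing import Dict, List, Optional, Tuple

# Leading bytes that identify a container regardless of the declared Content-Type.
MAGIC: List[Tuple[bytes, str]] = [
    (b"PK\x03\x04", "zip/jar"),          # JAR files are ZIP containers
    (b"MZ", "pe"),                       # Windows executable (EXE/DLL)
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]
IMAGE_TYPES = {"image/jpeg", "image/png", "image/gif"}
EXECUTABLE_KINDS = {"zip/jar", "pe"}


def parse_http(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split a raw HTTP message into start line, lower-cased header map and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def sniff(body: bytes) -> Optional[str]:
    """Return the real file kind from magic bytes, or None if unrecognised."""
    for magic, kind in MAGIC:
        if body.startswith(magic):
            return kind
    return None


def check_exchange(request: bytes, response: bytes) -> List[str]:
    """Return findings for one request/response pair; an empty list means clean."""
    _, req_headers, _ = parse_http(request)
    _, resp_headers, body = parse_http(response)
    declared = resp_headers.get("content-type", "").split(";")[0].strip().lower()
    actual = sniff(body)
    findings: List[str] = []

    # Server says "image", body is a JAR or a PE: the mismatch is the indicator.
    if declared in IMAGE_TYPES and actual in EXECUTABLE_KINDS:
        findings.append(f"declared {declared} but body is {actual}")

    # A Java client (User-Agent "Java/...") should be fetching JARs, not executables.
    user_agent = req_headers.get("user-agent", "")
    if user_agent.startswith("Java/") and actual == "pe":
        findings.append(f"Java client {user_agent} fetched a pe body")
    return findings


# Constructed sample traffic (not captured from any real incident).
REQ_BROWSER = (b"GET /img/logo.jpg HTTP/1.1\r\nHost: cdn.example\r\n"
               b"User-Agent: Mozilla/5.0\r\n\r\n")
REQ_JAVA = (b"GET /update/app.bin HTTP/1.1\r\nHost: 203.0.113.10\r\n"
            b"User-Agent: Java/1.8.0_201\r\n\r\n")
RESP_JAR_AS_JPEG = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"
                    b"PK\x03\x04" + b"\x00" * 26)
RESP_REAL_JPEG = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"
                  b"\xff\xd8\xff\xe0\x00\x10JFIF\x00")
RESP_PE_AS_OCTET = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
                    b"MZ\x90\x00\x03\x00\x00\x00")

if __name__ == "__main__":
    for req, resp in [(REQ_BROWSER, RESP_JAR_AS_JPEG), (REQ_BROWSER, RESP_REAL_JPEG),
                      (REQ_JAVA, RESP_PE_AS_OCTET), (REQ_JAVA, RESP_JAR_AS_JPEG)]:
        print(check_exchange(req, resp) or ["clean"])
```

The finding strings are what would become the alert message; on carved session data the same function can be run over every response whose body was captured.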
ET MALWARE Java/QRat Retrieving PE
Description
This detection identifies the Java-based QRat remote access trojan downloading a Windows executable (PE) second stage, using the Rapid7 Network Sensor (Insight Network Sensor). A match means the Java first stage is already running on the source host.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JavaScriptBackdoor HTTP GET CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Javascript Click and Removal of Download Element
Description
This detection identifies JavaScript served to a browser that programmatically clicks a download element and then removes it from the page, a technique drive-by download pages use to push a file onto the host without a visible link, using the Rapid7 Network Sensor (Insight Network Sensor). A match shows the host received such a page; whether the downloaded file was executed has to be established separately.
Recommendation
Review the alert in question, identify the site that served the script, and check the host for the downloaded file and any execution of it. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Javascript Displays malicious download page
Description
This detection identifies JavaScript that renders a page designed to coax the user into downloading a file, using the Rapid7 Network Sensor (Insight Network Sensor). As with the previous entry, the alert records exposure to the lure, not confirmation that the payload ran.
Recommendation
Review the alert in question, identify the site that served the script, and check the host for the downloaded file and any execution of it. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JAWS Webserver Unauthenticated Shell Command Execution
Description
This detection identifies an unauthenticated shell command execution request sent to the JAWS embedded web server found on some DVRs and similar network devices, using the Rapid7 Network Sensor (Insight Network Sensor). Unlike most entries on this page, the system at risk is the destination of the request; the source is the attacker or, commonly, an automated scanner or botnet looking for exposed devices.
Recommendation
Review the alert in question: determine whether the destination is a device you manage, whether it is reachable from the source, and, from the response in the session, whether the command ran. If it did, take the device offline, update or replace its firmware, and keep it segmented from user networks. Rebuilding a workstation and resetting a user password does not remediate this alert.
ET MALWARE Jembot PHP Webshell (file upload)
Description
This detection identifies a file being uploaded through the Jembot PHP web shell, using the Rapid7 Network Sensor (Insight Network Sensor). The web server receiving the request is already compromised: a web shell only works once an attacker has planted it, and the upload is the operator extending that access.
Recommendation
Review the alert in question, then isolate the affected web server, preserve its web server and application logs, and locate the web shell file and the request that first installed it. Rotate every credential the server holds (database, API keys, service accounts) and rebuild the server from a known, good source once the initial entry point is understood; rebuilding a user's workstation does not address this alert.
ET MALWARE Jembot PHP Webshell (system command)
Description
This detection identifies a system command being executed through the Jembot PHP web shell, using the Rapid7 Network Sensor (Insight Network Sensor). The web server receiving the request is already compromised; the command in the request shows what the operator is doing with that access.
Recommendation
Review the alert in question, including the command and its output in the session, then isolate the affected web server, preserve its logs, and locate the web shell file and the request that first installed it. Rotate every credential the server holds and rebuild the server from a known, good source once the initial entry point is understood.
ET MALWARE jFect HTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Joanap CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jorik FakeAV GET
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Agent.NZH CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/HTA Downloader Behavior M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS.InfectedMikrotik Injects Domain Observed in TLS SNI
Description
This detection identifies a TLS Client Hello whose Server Name Indication (SNI) names a domain associated with the script that compromised MikroTik routers inject into web traffic passing through them, using the Rapid7 Network Sensor (Insight Network Sensor). The internal host is the one making the connection, but it is usually not infected itself: the injection happens in transit on a compromised router somewhere on the path, which may be the organization's own edge device.
Recommendation
Review the alert in question, then check any MikroTik routers you manage on the path for compromise and patch or rebuild them. Rebuild the host from a known, good source and have the user change their password only if the host shows its own signs of compromise.
ET MALWARE JS/Nemucod.M.gen requesting EXE payload 2015-10-07
Description
This detection identifies the Nemucod JavaScript downloader requesting its executable payload, using the Rapid7 Network Sensor (Insight Network Sensor). Nemucod arrives as a script file in an e-mail attachment; once the user opens it, the script fetches and runs an executable, so a match means the attachment was opened and the second stage was requested. The date in the signature name identifies the campaign variant the pattern was taken from; the entries that follow cover later variants of the same behaviour.
Recommendation
Review the alert in question, locate the script attachment and the message that delivered it, and check whether the executable was written to disk and run. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting EXE payload 2015-11-02
Description
This detection identifies the executable payload request of the Nemucod downloader variant seen on 2015-11-02, using the Rapid7 Network Sensor (Insight Network Sensor); see the first Nemucod entry for the behaviour.
Recommendation
Review the alert in question and locate the script attachment and the message that delivered it. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting PDF payload 2015-10-07
Description
This detection identifies the Nemucod downloader variant seen on 2015-10-07 requesting a PDF file from its payload server, using the Rapid7 Network Sensor (Insight Network Sensor). The same campaign served this file alongside the executable payload, so the meaning for the host is the same as for the EXE entries.
Recommendation
Review the alert in question and locate the script attachment and the message that delivered it. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting PDF payload 2015-11-02
Description
This detection identifies the Nemucod downloader variant seen on 2015-11-02 requesting a PDF file from its payload server, using the Rapid7 Network Sensor (Insight Network Sensor); the meaning for the host is the same as for the EXE entries.
Recommendation
Review the alert in question and locate the script attachment and the message that delivered it. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2015-12-01
Description
This detection identifies the executable payload request of the Nemucod downloader variant seen on 2015-12-01, using the Rapid7 Network Sensor (Insight Network Sensor); see the first Nemucod entry for the behaviour.
Recommendation
Review the alert in question and locate the script attachment and the message that delivered it. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-01-28
Description
This detection identifies the executable payload request of the Nemucod downloader variant seen on 2016-01-28, using the Rapid7 Network Sensor (Insight Network Sensor); see the first Nemucod entry for the behaviour.
Recommendation
Review the alert in question and locate the script attachment and the message that delivered it. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
Description
This detection identifies the executable payload request of the Nemucod downloader variant seen on 2016-02-01, using the Rapid7 Network Sensor (Insight Network Sensor); see the first Nemucod entry for the behaviour.
Recommendation
Review the alert in question and locate the script attachment and the message that delivered it. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-02-06
Description
This detection identifies the executable payload request of the Nemucod downloader variant seen on 2016-02-06, using the Rapid7 Network Sensor (Insight Network Sensor); see the first Nemucod entry for the behaviour.
Recommendation
Review the alert in question and locate the script attachment and the message that delivered it. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-03-31
Description
This detection identifies the executable payload request of the Nemucod downloader variant seen on 2016-03-31, using the Rapid7 Network Sensor (Insight Network Sensor); see the first Nemucod entry for the behaviour.
Recommendation
Review the alert in question and locate the script attachment and the message that delivered it. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Ostap CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Ostap Maldoc Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JsOutProx CnC Activity - Inbound
Description
This detection identifies traffic from a command-and-control server to a host infected with the JsOutProx JavaScript-based remote access trojan, using the Rapid7 Network Sensor (Insight Network Sensor). The inbound direction means the server answered, so the implant has an active two-way session rather than an unanswered beacon.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JsOutProx CnC Activity - Outbound
Description
This detection identifies a host infected with the JsOutProx remote access trojan contacting its command-and-control server, using the Rapid7 Network Sensor (Insight Network Sensor). Pair it with the inbound alert for the same session to tell whether the server responded.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JsOutProx Variant CnC Activity
Description
This detection identifies command-and-control traffic of a JsOutProx variant whose protocol differs from the pattern covered by the inbound and outbound entries above, using the Rapid7 Network Sensor (Insight Network Sensor). It indicates an infected host in the same way.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/RAA Ransomware check-in
Description
This detection identifies the check-in of the RAA ransomware family, which is written in JavaScript and runs directly from a script file, using the Rapid7 Network Sensor (Insight Network Sensor). As with any ransomware check-in, the payload is already executing on the source host and file encryption typically follows, so treat the alert as an active incident.
Recommendation
Isolate the host from the network first, then review the alert. Rebuild the host from a known, good source, have the user change their password, and inspect file shares the host could reach for encrypted files and ransom notes.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE JS/Skimmer Inbound (Likely MageCart) M2
Description
This detection identifies web-skimming JavaScript of the kind used by Magecart groups being delivered to a browser on the monitored network, using the Rapid7 Network Sensor (Insight Network Sensor). The host is not infected in the usual sense: the user visited a web page (typically a checkout or login form) into which the skimmer had been injected, and anything typed into that page may have been copied to the attacker.
Recommendation
Review the alert in question and identify the page that served the skimmer. Warn the user that payment card or login details entered on that site may be compromised, and block the skimmer's collection domain. If the site belongs to your organization, treat it as a web application compromise. Rebuilding the host is only needed if it shows its own signs of compromise.
ET MALWARE JS Sniffer Framework Sending to CnC
Description
This detection identifies a browser posting harvested form data to the collection server of a JavaScript sniffer (web-skimming) framework, using the Rapid7 Network Sensor (Insight Network Sensor). This is the exfiltration half of the skimmer entry above: data the user entered on the compromised page has left the network.
Recommendation
Review the alert in question and recover from the session which fields were sent. Warn the user that the submitted details are compromised, block the collection domain, and identify the page that served the skimmer. Rebuilding the host is only needed if it shows its own signs of compromise.
ET MALWARE JS/Spy.Agent.AW Download
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/TrojanDownloader.Agent.TXV CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Unk Downloader 0 Byte POST CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M4
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M6
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M7
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JunkMiner Downloader Communicating with CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jupyter Stealer CnC Checkin
Description
This detection identifies the command-and-control check-in of the Jupyter information stealer, using the Rapid7 Network Sensor (Insight Network Sensor). Jupyter targets data stored in browsers, including saved credentials and cookies, so the exposure extends to every account whose credentials the browser held.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password, along with every other credential saved in browsers on the host.
ET MALWARE Jupyter Stealer Reporting System Information
Description
This detection identifies the Jupyter stealer sending a fingerprint of the infected host (system information) to its server, using the Rapid7 Network Sensor (Insight Network Sensor). This report is sent when the stealer first runs, so the alert marks the start of the infection.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password, along with every other credential saved in browsers on the host.
ET MALWARE Jupyter Stealer Reporting System Information M2
Description
This detection identifies a second pattern (M2) of the Jupyter stealer's system-information report, using the Rapid7 Network Sensor (Insight Network Sensor), and has the same meaning as the entry above.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password, along with every other credential saved in browsers on the host.
ET MALWARE Kaseya VSA Exploit Activity M1 (SET)
Description
This detection identifies a request pattern used to exploit Kaseya VSA servers, as seen in the July 2021 supply-chain ransomware attack, using the Rapid7 Network Sensor (Insight Network Sensor). The target is the VSA server, and because VSA is remote-management software that can push software to every endpoint it manages, a successful exploit endangers all of those endpoints, not only the server. The (SET) suffix marks a rule that sets a flowbit for a companion rule, so evaluate this alert together with any other Kaseya alerts on the same session.
Recommendation
Take the VSA server off the network and review the alert in question together with the server's logs. Confirm the server is at the vendor's patched version before reconnecting it, check it for agents, procedures or scripts the attacker may have scheduled, and check managed endpoints for unexpected deployments around the time of the alert. Rebuilding a user's host and changing a password does not, on its own, remediate this alert.
ET MALWARE Kaseya VSA Exploit Activity M2 (SET)
Description
This detection identifies a second request pattern (M2) used to exploit Kaseya VSA servers, using the Rapid7 Network Sensor (Insight Network Sensor). It carries the same meaning and the same (SET) flowbit semantics as the M1 entry above.
Recommendation
Take the VSA server off the network and review the alert in question together with the server's logs. Confirm the server is at the vendor's patched version before reconnecting it, check it for agents, procedures or scripts the attacker may have scheduled, and check managed endpoints for unexpected deployments around the time of the alert.
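The (SET) suffix on both Kaseya entries is the Emerging Threats naming convention for a rule that records a flowbit consumed by a companion rule, which is why such alerts are best read in pairs. The Python below is an added example, not Suricata, Snort, Emerging Threats or Rapid7 code, that models the mechanism with two hypothetical rules over constructed traffic: stage one tags the flow on a matching request, stage two alerts on a success-looking response only when the tag is present on the same flow, and a look-alike response on another flow alerts nothing. The rule names, paths and payloads are invented for the example.

```python
"""
Added example (not Suricata, Snort, Emerging Threats or Rapid7 code): a minimal
model of two-stage flowbit rules. A "(SET)" rule tags a flow when the first half
of an exchange matches; the companion rule alerts only if that tag is present on
the same flow. Rule contents and traffic below are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

FlowKey = Tuple[str, int, str, int]  # (client ip, client port, server ip, server port)


@dataclass
class Rule:
    name: str
    direction: str                     # "to_server" (request) or "to_client" (response)
    match: Callable[[bytes], bool]     # content test on the payload
    sets: str = ""                     # flowbit set on match (flowbits:set)
    requires: str = ""                 # flowbit that must already be set (flowbits:isset)
    noalert: bool = False              # set the bit but stay silent (flowbits:noalert)


@dataclass
class Engine:
    rules: List[Rule]
    bits: Dict[FlowKey, Set[str]] = field(default_factory=dict)  # per-flow state

    def inspect(self, flow: FlowKey, direction: str, payload: bytes) -> List[str]:
        """Evaluate every rule against one message; return the names that alert."""
        alerts: List[str] = []
        flow_bits = self.bits.setdefault(flow, set())
        for rule in self.rules:
            if rule.direction != direction or not rule.match(payload):
                continue
            if rule.requires and rule.requires not in flow_bits:
                continue                          # stage 1 never seen on this flow
            if rule.sets:
                flow_bits.add(rule.sets)
            if not rule.noalert:
                alerts.append(rule.name)
        return alerts


def build_engine() -> Engine:
    """Two hypothetical rules modelled on the M1 (SET) / companion pairing."""
    return Engine(rules=[
        Rule("EXAMPLE Exploit Request M1 (SET)", "to_server",
             lambda p: p.startswith(b"POST /api/upload ") and b"secret=" in p,
             sets="example.exploit_request"),
        Rule("EXAMPLE Exploit Succeeded (response)", "to_client",
             lambda p: p.startswith(b"HTTP/1.1 200") and b"uploaded" in p,
             requires="example.exploit_request"),
    ])


# Constructed traffic: one complete exchange, and a look-alike response on a flow
# that never carried the request.
FLOW_A: FlowKey = ("10.0.0.5", 51000, "192.0.2.7", 443)
FLOW_B: FlowKey = ("10.0.0.6", 51001, "192.0.2.7", 443)
EXPLOIT_REQUEST = b"POST /api/upload HTTP/1.1\r\nHost: target.example\r\n\r\nsecret=1"
SUCCESS_RESPONSE = b"HTTP/1.1 200 OK\r\n\r\nuploaded"


def demo() -> Dict[str, List[str]]:
    engine = build_engine()
    return {
        "a_request": engine.inspect(FLOW_A, "to_server", EXPLOIT_REQUEST),
        "a_response": engine.inspect(FLOW_A, "to_client", SUCCESS_RESPONSE),
        "b_response_only": engine.inspect(FLOW_B, "to_client", SUCCESS_RESPONSE),
    }


if __name__ == "__main__":
    for stage, names in demo().items():
        print(stage, names or ["no alert"])
```

Setting `noalert=True` on the first rule reproduces the case where only the companion rule is visible in the console: the request still tags the flow, but the analyst sees a single alert on the response and has to pull the request from the session to see what triggered it.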
ET MALWARE Kazy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kazy/Kryptor/Cycbot Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kazy/Kryptor/Cycbot Trojan Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kelihos/Hlux GET jucheck.exe from CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kelihos.K Executable Download DGA
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyBase Keylogger Checkin
Description
This detection identifies the check-in of the KeyBase keylogger, using the Rapid7 Network Sensor (Insight Network Sensor). A keylogger captures everything typed on the host, so every password entered there since the infection began, not only the user's domain account, should be considered exposed.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password and every other credential typed on the host since the first alert.
ET MALWARE KeyBase Keylogger HTTP Pattern
Description
This detection identifies the HTTP request pattern KeyBase uses to report captured keystrokes to its server, using the Rapid7 Network Sensor (Insight Network Sensor). The session contents show what has already been exfiltrated.
Recommendation
Review the alert in question, including the request body, to see which captured input was sent. If necessary, rebuild the host from a known, good source and have the user change their password and every other credential typed on the host since the first alert.
ET MALWARE KeyBase Keylogger Uploading Screenshots
Description
This detection identifies the KeyBase keylogger uploading screenshots of the infected host to its server, using the Rapid7 Network Sensor (Insight Network Sensor). Screenshots expose data that is never typed, such as open documents and on-screen secrets, so establish what was on screen at the time.
Recommendation
Review the alert in question and recover the uploaded images from the session where possible. If necessary, rebuild the host from a known, good source and have the user change their password and every other credential typed on the host since the first alert.
ET MALWARE KeyloggerOnline Keylogger Checkin (go https)
Description
This detection identifies the check-in of the KeyloggerOnline keylogger, the variant the signature labels (go https), using the Rapid7 Network Sensor (Insight Network Sensor). As with any keylogger, every credential typed on the host since the infection began should be considered exposed.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password and every other credential typed on the host since the first alert.
ET MALWARE KeyloggerOnline Keylogger Checkin (kill)
Description
This detection identifies the check-in of the KeyloggerOnline keylogger, the variant the signature labels (kill), using the Rapid7 Network Sensor (Insight Network Sensor). It has the same meaning as the other KeyloggerOnline check-in entries.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password and every other credential typed on the host since the first alert.
ET MALWARE KeyloggerOnline Keylogger Checkin (sleep)
Description
This detection identifies the check-in of the KeyloggerOnline keylogger, the variant the signature labels (sleep), using the Rapid7 Network Sensor (Insight Network Sensor). It has the same meaning as the other KeyloggerOnline check-in entries.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password and every other credential typed on the host since the first alert.
ET MALWARE KimJongRAT cnc exe pull
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky CSPY Downloader Activity
Description
This detection identifies network activity of the CSPY downloader used by Kimsuky, a North Korean state-sponsored espionage actor, using the Rapid7 Network Sensor (Insight Network Sensor). Unlike commodity malware, a Kimsuky alert indicates a targeted intrusion, and the downloader stage means further payloads are being staged on the host.
Recommendation
Treat the alert as a targeted intrusion: isolate the host, preserve evidence (memory and disk images and the sensor's session data) before any rebuild, and scope for related activity on other hosts, including the phishing message that delivered the initial stage. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Backdoor CnC Activity
Description
This detection identifies command-and-control activity of the KGH backdoor, part of the KGH malware suite used by Kimsuky, using the Rapid7 Network Sensor (Insight Network Sensor). The backdoor gives the operator interactive access to the host, so assume credentials and documents on it have been accessed.
Recommendation
Treat the alert as a targeted intrusion: isolate the host, preserve evidence before any rebuild, and scope for related activity on other hosts. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Backdoor CnC Activity M2
Description
This detection identifies a second pattern (M2) of KGH backdoor command-and-control activity, using the Rapid7 Network Sensor (Insight Network Sensor), with the same meaning as the entry above.
Recommendation
Treat the alert as a targeted intrusion: isolate the host, preserve evidence before any rebuild, and scope for related activity on other hosts. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Backdoor Secondary Payload Download Request
Description
This detection identifies the KGH backdoor requesting an additional payload from its server, using the Rapid7 Network Sensor (Insight Network Sensor). The session may contain the payload itself, which is worth carving for analysis.
Recommendation
Treat the alert as a targeted intrusion: isolate the host, preserve evidence (including the downloaded payload from the session) before any rebuild, and scope for related activity on other hosts. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Malware Suite Checkin M1
Description
This detection identifies the check-in of a component of Kimsuky's KGH malware suite (pattern M1), using the Rapid7 Network Sensor (Insight Network Sensor). As with the other Kimsuky entries, this indicates a targeted intrusion rather than commodity malware.
Recommendation
Treat the alert as a targeted intrusion: isolate the host, preserve evidence before any rebuild, and scope for related activity on other hosts. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Malware Suite Checkin M2
Description
This detection identifies the check-in of a component of Kimsuky's KGH malware suite (pattern M2), using the Rapid7 Network Sensor (Insight Network Sensor), with the same meaning as the M1 entry above.
Recommendation
Treat the alert as a targeted intrusion: isolate the host, preserve evidence before any rebuild, and scope for related activity on other hosts. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Maldoc Activity
Description
This detection identifies network activity generated when a Kimsuky malicious document (maldoc) is opened and reaches out for its next stage, using the Rapid7 Network Sensor (Insight Network Sensor). The document normally arrives by spear-phishing, so the e-mail that delivered it, and any other recipients, are part of the scope.
Recommendation
Treat the alert as a targeted intrusion: isolate the host, preserve evidence before any rebuild, locate the originating message and check for other recipients. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Maldoc Activity (GET)
Description
This detection identifies the GET request variant of the Kimsuky maldoc call-out, using the Rapid7 Network Sensor (Insight Network Sensor), with the same meaning as the entry above.
Recommendation
Treat the alert as a targeted intrusion: isolate the host, preserve evidence before any rebuild, locate the originating message and check for other recipients. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Operation Blue Estimate CnC Activity
Description
This detection identifies command-and-control activity attributed to Kimsuky's Operation Blue Estimate campaign, using the Rapid7 Network Sensor (Insight Network Sensor). As with the other Kimsuky entries, this indicates a targeted intrusion by a state-sponsored actor rather than commodity malware.
Recommendation
Treat the alert as a targeted intrusion: isolate the host, preserve evidence before any rebuild, and scope for related activity on other hosts. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky WildCommand CnC Activity
Description
This detection identifies command-and-control activity of the WildCommand malware used by Kimsuky, using the Rapid7 Network Sensor (Insight Network Sensor). As with the other Kimsuky entries, this indicates a targeted intrusion by a state-sponsored actor rather than commodity malware.
Recommendation
Treat the alert as a targeted intrusion: isolate the host, preserve evidence before any rebuild, and scope for related activity on other hosts. Then rebuild the host from a known, good source and have the user change their password.
ET MALWARE KINS/ZeusVM Variant CnC Beacon
Description
This detection identifies the command-and-control beacon of a KINS/ZeusVM variant, a banking trojan lineage derived from Zeus, using the Rapid7 Network Sensor (Insight Network Sensor). The beacon carries stolen form data and credentials to the operator, which is why the alert is mapped to exfiltration over the C2 channel.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password. Because the family targets online banking and other web sessions, also have the user reset credentials for financial and other sensitive sites used from the host and verify recent transactions.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE KINS/ZeusVM Variant Retrieving Config
Description
This detection identifies a KINS/ZeusVM variant downloading its configuration, which tells the trojan which websites to target and how to modify them in the browser, using the Rapid7 Network Sensor (Insight Network Sensor). The configuration is fetched shortly after infection and refreshed periodically afterwards.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password, and have them reset credentials for financial and other sensitive sites used from the host.
ET MALWARE Kishop.A checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KLog Nick Keylogger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Knockbot Proxy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Knock.php Shiz or Rohimafo CnC Server Contact URL
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Malicious Doc Downloading Payload Dec 06 2016
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Malicious Expires Header Seen In Malicious JavaScript Downloader Campaign
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies a host whose outbound request was answered by a known sinkhole server. A sinkhole response means the destination domain has been taken over by a researcher, vendor or CERT, so the original command-and-control server is no longer reachable, but the host that sent the request is still running the malware that tried to contact it.
Recommendation
Treat the source host as infected even though the command-and-control has been neutralised. Use the requested host and URI from the session to identify the malware family, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header CERT.PL
Description
This detection identifies a response from the sinkhole operated by CERT Polska (CERT.PL). As with other sinkhole responses, the host that made the request is still infected; only the domain it contacted has been neutralised.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header INetSim
Description
This detection identifies a response carrying the default headers of INetSim, a tool that simulates common Internet services and is used both in malware-analysis labs and as a sinkhole back end. Outside a lab it indicates that an infected host has reached a sinkhole. If the sensor also sees your own analysis sandbox, expect hits from that network segment.
Recommendation
Confirm that the source host is not an analysis sandbox. If it is a production host, treat it as infected: rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Skunkx DDOS Bot User-Agent Cyberdog
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni RAT Exfiltrating Data
Description
This detection identifies the Konni remote access trojan sending collected data from the infected host to its command-and-control server.
Recommendation
Review the alert in question. Because the alert indicates data has already left the host, determine from the session what was sent. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni RAT Querying CnC for Commands
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni Stage 2 Payload Exfiltrating Data
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface C&C availability check
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface Checkin via POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface HTTP Request (2)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface Trojan HTTP Post Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kovter Ransomware Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE KPOT Stealer Initial CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KPOT Stealer Initial CnC Activity M5
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kraken Ransomware End Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Kraken Ransomware Start Activity 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Kriptovor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kriptovor External IP Lookup checkip.dyndns.org
Description
This detection identifies a Kriptovor-infected host looking up its public IP address via checkip.dyndns.org. The lookup itself is not malicious and legitimate software queries the same service, so treat it as supporting evidence and look for the accompanying Kriptovor check-in and RAR payload retrieval from the same host.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kriptovor Retrieving RAR Payload
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kronos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kronos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kronos Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kryptik Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kuluoz Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kuluoz/Asprox Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE L0rdix Stealer CnC Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE L0rdix Stealer CnC Sending Screenshot
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LAME SSL Cert APT1
Description
This detection identifies a TLS session whose server certificate matches fields published as APT1 indicators in Mandiant's 2013 APT1 report. A certificate match identifies the server rather than the malware on the host, so pull the full certificate and destination from the session before acting on it.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lampion CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LankerBoy HTTP CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Lazarus Downloader (JEUSD) CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Lazarus Maldoc CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LeChiffre Ransomware CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Legion Loader Activity Observed
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (Amen)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (carlos_castaneda)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (heil_moloch)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (heil_satan)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (legion)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (lilith)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (Mylegion666)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (neva-project)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (salmonella-symptome)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (satan)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (suspira)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (the devil)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (YourUserAgent)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Linux Shell Script CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell CnC Activity M14
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell CnC Checkin M6
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell - Install Tracking
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell - RDP Credential Exfil
Description
This detection identifies Lemon_Duck, a PowerShell-based cryptomining botnet, sending harvested RDP credentials to its command-and-control server.
Recommendation
Review the alert in question. Rebuild the host from a known, good source and have the user change their password. Because the stolen credentials are RDP logins, also reset every account that has signed in to the host over RDP and check neighbouring hosts for the same activity, since Lemon_Duck uses the credentials it collects to spread laterally.
ET MALWARE Likely Arid Viper APT Advtravel Campaign GET Keepalive
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Arid Viper APT Advtravel Campaign POST
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely CryptoWall .onion Proxy domain in SNI
Description
This detection identifies a TLS session whose Server Name Indication names a .onion-to-clearnet proxy (Tor2web-style gateway) domain of the kind used to reach CryptoWall's payment pages. The visit can come from a user following the ransom note as well as from the malware itself, so check whether files on the host have already been encrypted.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Evil Macro EXE DL mar 15 2016
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Evil Macro EXE DL mar 28 2016
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Evil Request for uac.exe With Minimal Headers
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Fake Antivirus Download InternetAntivirusPro.exe
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Likely Geodo/Emotet CnC Beacon
Description
This detection identifies a command-and-control beacon from Geodo/Emotet, a loader distributed by malicious e-mail that installs additional malware on the hosts it infects.
Recommendation
Review the alert in question. Emotet typically delivers follow-on payloads, so look for further infections on the host and the network. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Likely Geodo/Emotet Downloading PE
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Geodo/Emotet Downloading PE
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Geodo/Emotet Downloading PE - Fake UA
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Infected HTTP POST to PHP with User-Agent of HTTP Client
Description
This detection identifies an HTTP POST to a .php endpoint whose User-Agent identifies a generic HTTP client rather than a browser, a pattern common in malware check-ins. The same pattern occurs in legitimate automation, so confirm the destination host and the process that sent the request before remediating.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Koobface Beaconing (getexe)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely PadCrypt Locker PKG DL
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likseput.B Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Limitless Logger RAT HTTP Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linkup Ransomware check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux DarkRadiation Ransomware Activity Attack Check
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux DarkRadiation Ransomware Activity (curl)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux DarkRadiation Ransomware Activity (wget)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux DarkRadiation Ransomware Telegram Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux/Lady CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/Lady CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/LuaBot CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/MayhemBruter Inbound Ping From CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Moose HTTP CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/Moose HTTP CnC Beacon Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux.Mumblehard Command Status CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux.Mumblehard Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux.Ngioweb Stage 1 CnC Activity Client Request (set)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/SSHDoor.A Reporting Backdoor CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/Torte Downloading Binary
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Downloader
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Downloader
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Remote Shell M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Remote Shell M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LNK/Agent.GX CnC Traffic
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LockPOS CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC Checkin Dec 5 M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC Checkin HTTP Pattern
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC checkin Nov 21
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC checkin Nov 21 M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky Intermediate Downloader
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LogPOS Sending Data
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Cryptocurrency Wallet Exfiltration Detected
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Fake 404 Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot File Exfiltration Detected
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Keylogger Data Exfiltration Detected M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Keylogger Data Exfiltration Detected M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Request for C2 Commands Detected M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Request for C2 Commands Detected M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Screenshot Exfiltration Detected
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot User-Agent (Charon/Inferno)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Loki Locker Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Loki Locker Ransomware Server Response (Public Key) M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Loki Locker Ransomware Server Response (Public Key) M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Loki Locker Ransomware User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LolliCrypt Ransomware Sending Data to CnC
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE lolzilla JS/PHP WebSkimmer - Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lop_com or variant Checkin (9kgen_up)
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lop.gfr/Swizzor HTTP Update/Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lost Door Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Request M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Request M3
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Response M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LuckyCat/TROJ_WIMMIE Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lucky Ransomware Reporting Successful File Encryption
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Luder.B User-Agent (Mozilla/4.0 (SPGK)) - GET
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LumOffice Checkin
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil Response
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil via Discord M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil via Discord M2
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lurk Click fraud Template Request
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lurk Downloader Check-in
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lyceum Backdoor CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lyceum Backdoor CnC Activity M2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Lyceum Backdoor CnC Activity M3
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE LYCEUM MSIL/DanBot CnC Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Lyposit Ransomware Checkin 1
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Lyposit Ransomware Checkin 2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mac Flashback Checkin 1
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Mac Flashback Checkin 2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MacOS/UpdateAgent.A CnC Activity M1
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MacOS/UpdateAgent.A CnC Activity M2
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Mac Trojan HTTP Checkin (accept-language violation)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Mac User-Agent Typo INBOUND Likely Hostile
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MageCart CnC Domain in SNI
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MageCart CnC Domain in SNI
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
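The two MageCart SNI entries above match a command-and-control domain in the TLS Server Name Indication, which a network sensor can read because the SNI travels in cleartext in the ClientHello (unless Encrypted Client Hello is in use). The following Python is an added example, not Rapid7 or Emerging Threats code: it builds a constructed ClientHello, extracts the SNI with bounds checks on every length field, and compares it against a hypothetical blocklist. The domain c2.example.net, the blocklist and the ClientHello contents are assumptions made for the demonstration, not indicators from the page.

```python
import struct
from typing import Optional

# Hypothetical skimmer C2 domain for the demonstration (not a real indicator).
SKIMMER_DOMAINS = {"c2.example.net"}


def build_client_hello(hostname: Optional[str]) -> bytes:
    """Build a minimal, constructed ClientHello record (placeholder random/ciphers)."""
    random_bytes = b"\x11" * 32
    session_id = b""
    cipher_suites = b"\x13\x01\x13\x02"   # TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
    compression = b"\x00"                  # null compression only
    extensions = b""
    if hostname is not None:
        name = hostname.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        name_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", 0x0000, len(name_list)) + name_list  # server_name
    supported_versions = b"\x02\x03\x04"   # one entry: TLS 1.3
    extensions += struct.pack("!HH", 0x002B, len(supported_versions)) + supported_versions
    body = (b"\x03\x03" + random_bytes
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", len(cipher_suites)) + cipher_suites
            + bytes([len(compression)]) + compression
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello's SNI extension, or None.

    The bytes are attacker-controlled, so every length is bounds-checked and a
    truncated or malformed record yields None instead of raising.
    """
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < rec_len or len(hs) < 4 or hs[0] != 0x01:
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len:
        return None
    pos = 2 + 32                                   # client_version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                           # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                           # compression_methods
    if len(body) < pos + 2:
        return None                                # no extensions block at all
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if end > len(body):
        return None
    while pos + 4 <= end:
        ext_type, length = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + length]
        pos += length
        if pos > end:
            return None
        if ext_type != 0x0000:
            continue
        if len(data) < 2:
            return None
        list_end = 2 + struct.unpack("!H", data[0:2])[0]
        if list_end > len(data):
            return None
        q = 2
        while q + 3 <= list_end:
            name_type = data[q]
            name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
            q += 3
            name = data[q:q + name_len]
            q += name_len
            if q > list_end:
                return None
            if name_type == 0:
                return name.decode("ascii", errors="replace")
    return None


def sni_blocklist_hit(record: bytes, blocklist) -> Optional[str]:
    """Return the blocklist entry the SNI equals or is a subdomain of, else None."""
    sni = extract_sni(record)
    if sni is None:
        return None
    sni = sni.lower().rstrip(".")
    for domain in blocklist:
        d = domain.lower()
        if sni == d or sni.endswith("." + d):
            return domain
    return None


if __name__ == "__main__":
    for host in ("shop.example.com", "cdn.c2.example.net", None):
        rec = build_client_hello(host)
        print(host, "->", extract_sni(rec), "| hit:", sni_blocklist_hit(rec, SKIMMER_DOMAINS))
```

An SNI hit names the host the client asked for, not the service that actually answered, so confirm the session's destination and the JavaScript it loaded before acting. The same check is blind to clients that omit SNI or use Encrypted Client Hello, which is why the page pairs it with the exfil-URI and JS-retrieval signatures.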
ET MALWARE MageCart Exfil URI
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MageCart JS Retrieval
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Magecart/Skimmer - AngryBeaver Exfil Attempt
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Magecart/Skimmer - _try_action Exfil Attempt
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MAGICHOUND.FETCH CnC Beacon
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE MAGICHOUND.FETCH Retrieving Malicious PowerShell
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MAGICHOUND.RETRIEVER CnC Beacon
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Magician/M461c14n Ransomware CnC Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MagikPOS CnC Beacon
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE MagikPOS Downloader Checkin
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MagikPOS Downloader Retrieving Payload
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Magniber Ransomware Retrieving Instructions
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
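Several entries above carry MITRE ATT&CK techniques (T1486 for the ransomware check-ins, T1041 for the C2 beacons), and those tags should decide how quickly the recommended host rebuild happens. The following Python is an added example, not Rapid7 code: it reads constructed EVE-style JSON alert lines (a Suricata-compatible format; the lines, hosts and addresses are made up for the demonstration and use RFC 1918 and RFC 5737 ranges), rolls the alerts up per internal host, and ranks hosts using only the signature names and technique tags this page lists, so a ransomware check-in is handled before a lone maldoc GET. The priority tiers are an assumption of this example, not a Rapid7 severity scheme.

```python
import json
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Technique tags this catalog page attaches to specific signatures.
SIGNATURE_TECHNIQUES: Dict[str, Set[str]] = {
    "ET MALWARE Lyposit Ransomware Checkin 1": {"T1486"},
    "ET MALWARE Lyposit Ransomware Checkin 2": {"T1486"},
    "ET MALWARE Magician/M461c14n Ransomware CnC Checkin": {"T1486"},
    "ET MALWARE Magniber Ransomware Retrieving Instructions": {"T1486"},
    "ET MALWARE MAGICHOUND.FETCH CnC Beacon": {"T1041"},
    "ET MALWARE MAGICHOUND.RETRIEVER CnC Beacon": {"T1041"},
    "ET MALWARE MagikPOS CnC Beacon": {"T1041"},
}

# Constructed EVE-style lines (not real sensor output). One non-alert event and
# one malformed line are included so the parser's skip paths are exercised.
SAMPLE_EVE = """
{"timestamp":"2024-01-01T10:00:00Z","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"198.51.100.10","alert":{"signature":"ET MALWARE Lyposit Ransomware Checkin 1"}}
{"timestamp":"2024-01-01T10:01:00Z","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"203.0.113.4","alert":{"signature":"ET MALWARE MagikPOS Downloader Checkin"}}
{"timestamp":"2024-01-01T10:02:00Z","event_type":"flow","src_ip":"10.0.0.9","dest_ip":"203.0.113.8"}
{"timestamp":"2024-01-01T10:03:00Z","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"203.0.113.4","alert":{"signature":"ET MALWARE MagikPOS CnC Beacon"}}
{this line is deliberately malformed}
{"timestamp":"2024-01-01T10:04:00Z","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"203.0.113.8","alert":{"signature":"ET MALWARE Maldoc Activity (GET)"}}
"""


def parse_alerts(lines: Iterable[str]) -> List[dict]:
    """Keep only well-formed ET MALWARE alert events; skip other event types and junk."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                      # one broken line must not abort the triage run
        if ev.get("event_type") != "alert":
            continue
        sig = ev.get("alert", {}).get("signature", "")
        if not sig.startswith("ET MALWARE "):
            continue
        alerts.append({"timestamp": ev.get("timestamp"), "src_ip": ev.get("src_ip"),
                       "dest_ip": ev.get("dest_ip"), "signature": sig})
    return alerts


def triage(lines: Iterable[str]) -> List[dict]:
    """Roll alerts up per internal host and rank them for response.

    Priority 3: a signature tagged T1486 (ransomware); rebuild this host first.
    Priority 2: T1041 (exfil over C2) or more than one distinct malware signature.
    Priority 1: a single signature; review the alert before rebuilding.
    """
    hosts = defaultdict(lambda: {"signatures": set(), "techniques": set(),
                                 "dest_ips": set(), "count": 0})
    for a in parse_alerts(lines):
        h = hosts[a["src_ip"]]
        h["signatures"].add(a["signature"])
        h["techniques"] |= SIGNATURE_TECHNIQUES.get(a["signature"], set())
        h["dest_ips"].add(a["dest_ip"])
        h["count"] += 1
    results = []
    for ip, h in hosts.items():
        if "T1486" in h["techniques"]:
            priority = 3
        elif "T1041" in h["techniques"] or len(h["signatures"]) > 1:
            priority = 2
        else:
            priority = 1
        results.append({"src_ip": ip, "priority": priority, "count": h["count"],
                        "signatures": sorted(h["signatures"]),
                        "techniques": sorted(h["techniques"]),
                        "dest_ips": sorted(h["dest_ips"])})
    results.sort(key=lambda r: (-r["priority"], -r["count"], r["src_ip"]))
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_EVE.splitlines()):
        print(row["priority"], row["src_ip"], row["count"], row["techniques"], row["signatures"])
```

The per-host destination list is what an analyst pivots on next: the same external address behind a downloader check-in and a later C2 beacon (10.0.0.7 in the sample) is stronger evidence of a real infection than either alert alone, and it is the kind of detail to confirm before rebuilding the host and resetting the user's password.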
ET MALWARE Maldoc Activity (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc Activity (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc Activity Sending Windows User Info (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc Activity Sending Windows User Info (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc Activity (set)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc Checkin Activity (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc Checkin Activity (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc Downloading from Dropbox via API
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MalDoc Exfil (2019-12-12)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc OneDrive Download Activity (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MalDoc Requesting Payload 2020-04-21
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc Retrieving Additional Resources (GET)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc Retrieving Binary (Likely Trickbot)
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE MalDoc Retrieving Payload 2021-06-15
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.
ET MALWARE Maldoc Retrieving Payload 2021-07-06
Description
This detection identifies malware-related activity in network sessions evaluated by the Rapid7 Network Sensor (Insight Network Sensor). Malicious actors often use malware to gain access to victim organizations.
Recommendation
Review the alert in question. If the activity is confirmed, rebuild the host from a known-good source and have the user change their password.