Suspicious Network Activity - IDS
ET HUNTING Suspicious EXE Download Content-Type image/jpeg
These detections identify suspicious activity from network sessions evaluated by Insight Network Sensor.
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Adobe PKG Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO ARM File Requested via WGET (set)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Flowbit set for POST to Quicken Updater
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO GET Minimal HTTP Headers Flowbit Set
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO IE7UA No Cookie No Referer
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO maas.io Image Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO McAfee AV Download (set)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO McAfee AV Download - Set
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (exe) unset (no exe)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (msi) unset (no exe)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (msp) unset (no exe)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (no .exe)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request to Dotted Quad
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible WinHttpRequest (no .exe)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Symantec Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO User-Agent (wininet)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Windows Update/Microsoft FP Flowbit
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO ZoneAlarm Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (bigtopweb .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (infinitysoftwares .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (bigtopweb .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (infinitysoftwares .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] PS/PowDesk Checkin (APT34)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 44Calibar Variant Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 44 Caliber Stealer Data Exfil via Discord
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Exfil
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (bigudp)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (dns)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (stop)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (syn)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Likely Shylock/URLzone/Gootkit/Zeus Panda C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Agent.BAAB Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AgentTesla Communicating with CnC Server
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AgentTesla PWS HTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK/BKDR_HTV.ZKGD-A CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK.CREDSTEALER.A CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK.CREDSTEALER.A CnC Exfil
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK.CREDSTEALER.A MalDoc Retrieving Payload
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alfa/Alpha Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Alina Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alina Server Response Code
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alina User-Agent(Alina)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alman Dropper Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AlphaCrypt CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt CnC Beacon 5
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt CnC Beacon 6
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt Connectivity Check 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Alureon Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Amadey CnC Check-In
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Amadey Stealer CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Amadey Stealer CnC - BotKiller Module Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Android/AhMyth RAT Init Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Android/AhMyth RAT WebSocket Session
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Android/FakeKakao checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Checkin Dec 29 2014
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Check-in Response
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Downloading Module
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AntiVirus exe Download Likely FakeAV Install
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AntSword Webshell User-Agent Observed
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AnubisNetworks Sinkhole HTTP Response - 195.22.26.192/26
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Anuna PHP Backdoor Attempt
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Anuna PHP Backdoor Sucessful Exploit
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ApolloLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ApolloLocker Ransomware CnC Checkin 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE AppleJeus - JMT Trading CnC Activity (OSX Variant)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - JMT Trading CnC Activity (Windows Variant)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - Kupay Wallet CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - Union Crypto CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT15/NICKEL KETRUM CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 SEDNIT Variant CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 4
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28/SkinnyBoy Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/SkinnyBoy Payload Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant Downloader Error POST
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Secondary Payload CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 Uploader Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 Uploader Variant Fake Request to Google
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 Zebrocy/Zekapab Reporting to CnC M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Cache_DLL SSL Cert
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Implant8 - Evil Twitter Callback
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Implant8 - MAL_REFERER
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29/Wellness CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif POSTing Log Message to CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif Requesting Command from CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif Submitting Output of Command to CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten Encrypted Payload Inbound
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten Retrieving New Payload (flowbit set)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT34 TONEDEAF 2.0 Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT34 TONEDEAF 2.0 Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT39/Chafer Payload - CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT39/Chafer Payload - CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT.Agtid callback
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Backspace CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT/Bitter Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT-C-23 Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT-C-23 Activity (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Cheshire Cat CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT CozyCar SSL Cert 2
Description
Recommendation
ET MALWARE APT CozyCar SSL Cert 5
Description
Recommendation
ET MALWARE APT CozyCar SSL Cert 6
Description
Recommendation
ET MALWARE APT CozyCar SSL Cert 7
Description
Recommendation
ET MALWARE APT CozyCar SSL Cert 8
Description
Recommendation
ET MALWARE APT/Donot Group Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/FamousSparrow Activity (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT.Fwits CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT.Fwits CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT Hellsing Proxy Checker Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Lazarus Nukesped Downloader
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Lurker POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT Mustang Panda Payload - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT_NGO_wuaclt
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT_NGO_wuaclt C2 Check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Operation Sidecopy lnk Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT OSX.XSLCmd CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT/TransparentTribe CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/TransparentTribe Style Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arbitrium-RAT CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arbitrium-RAT Observed User-Agent (JustKidding)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArcDoor Intial Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArcDoor User-Agent (ALIZER)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ares Activity (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Advtravel Campaign GET Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checkin 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checkin 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checking filename
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Exfiltrating files
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT File information
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (SK)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (Skype)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (Skypee)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Transmitting Date
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Transmitting Serial
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AridViper CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arkei Stealer Config Download Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arkei Stealer IP Lookup
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ARM Binary Requested via WGET to Known IoT Malware Domain
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArrobarLoader CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArtraDownloader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArtraDownloader/TeleRAT Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ASNAROK Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asprox Data Post to C&C
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asprox Form Submission to C&C
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asterope Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AstroBot CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Athena DDoS Bot Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Atya Dropper Possible Rootkit - HTTP GET
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aura Ransomware User-Agent
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Aurora/OneKeyLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Aurora Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE AutoHotkey Downloader Checkin via IPLogger
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AutoHotKey offthewall Downloader Requesting Payload
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo C2 Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo C2 Response
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Avzhan DDoS Bot User-Agent MyIE
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult Variant.4 Checkin M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Babar POST Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Babax Stealer Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BabyShark CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BACKCONFIG CnC Downloader Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Darpapox/Jaku Initial C2 Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Egobot Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Elise CnC Beacon 1 M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 2 M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 3 M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 3 M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise Style IP Check
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Elise Style IP Check M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Esion CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Graybird Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Irc.MFV User Agent Detected (IRC-U)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor Lanfiltrator Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Meciv Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.TurlaCarbon.A C2 HTTP Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Agent.bjjv Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Agent.myttae User-Agent
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Aldibot.A Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Aldibot.A User-Agent (Aldi Bot)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Etumbot.B Requesting RC4 Key
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Ixeshe
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Likseput.A Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Momibot Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Momibot Ping Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/PcClient.AA Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.PEx.942728546 Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Pushdo.s Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Pushdo.s Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.RShot HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Get Config Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Put
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Trup.CX Checkin 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Xtrat Checkin 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backoff POS Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BackSwap Trojan C2 Domain Observed (debasuin .nl in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BadPatch CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BadRabbit Ransomware Activity Via WebDAV (cscc)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BadRabbit Ransomware Activity Via WebDAV (infpub)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Baldr Stealer Checkin M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BalkanDoor CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BalkanDoor CnC Checkin - Server Response
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Connectivity Check
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Headers - Likely CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bancos/Banker Info Stealer Post
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BandarChor/CryptON Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BandarChor Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Banker.anv Generally Suspicious User-Agent (CustomExchangeBrowser)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker/Banbra Variant POST via x-www-form-urlencoded
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (hhh)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (Ms)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (Mz)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (MzApp)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (WINDOWS_LOADS)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker PWS/Infostealer HTTP GET Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker Trojan (General) HTTP Checkin (vit)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banking Trojan HTTP Cookie
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload HTTP Checkin Detected (envia.php)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload POST Checkin (dados)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload User-Agent Detected (ExampleDL)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaBackdoor Variant CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaLoader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaLoader CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bazaloader Variant Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bazaloader Variant Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BBSRAT GET request CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BBSRAT POST request CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bebloh connectivity check
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep Connectivity Check M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep Connectivity Check M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep HTTP POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BePush/Kilim CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BePush/Kilim payload retrieval
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BestAntivirus2011 Fake AV reporting
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Betabot Checkin 5
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BF Botnet CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bifrose/Cycbot Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bifrose/Cycbot Checkin 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BigLock Ransomware CnC Activity (id)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BIOPASS RAT Go Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BIOPASS RAT Python Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bitcoin variant Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bitter APT Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BITTERBUG Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bitter RAT HTTP CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bitter RAT HTTP CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving New Malware From Server
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving Server IP Addresses
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Server Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BKDR_SLOTH.A Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackbeard Check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackenergy Bot Checkin to C&C
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackenergy Bot Checkin to C&C (2)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy POST Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy v2 POST Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy v2.x HTTP Request with Encrypted Variables
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy v2.x Plugin Download Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackMatter CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackmoon/Banbra Configuration Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackmoon/Banbra Configuration Request M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackshadesRAT Reporting
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackTech Plead Encrypted Payload Inbound
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blaze/Supreme Bot Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blaze/Supreme Bot Activity M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BleachGap Ransomware Checkin (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Blue Bot DDoS Blog Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blue Bot DDoS Logger Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blue Bot DDoS Proxy Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blue Bot DDoS Target Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bolek HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Book of Eli CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bookworm CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bookworm CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bossabot DDoS tool RFI attempt
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bot Backdoor Checkin/registration Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BOUNCEBEAM Backdoor CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bravix Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brazilian Banker SSL Cert
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bredolab CnC URL Detected
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bredolab Downloader Communicating With Controller (1)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BroBot POST
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brontok/Joseray User-Agent Detected (Joseray.A3 Browser)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brontok User-Agent Detected (Brontok.A3 Browser)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brontok User-Agent Detected (Rivest)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BrushaLoader CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer - DomainInfo User-Agent
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Download Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Successful Payload Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Update Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Update Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BUILDINGCAN CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buran Ransomware Activity M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Buran Ransomware Activity M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BYOB - Python Backdoor Loader Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BYOB - Python Backdoor Stager Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE C3Pool CoinMiner Setup Script Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Campo Loader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Capfire4 Checkin (register machine)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE carberp check in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Carberp checkin task
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Carberp CnC request POST /set/task.html
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Carberp file download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Casbaneiro CnC Host Checkin M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cashout Proxy Bot reg_DST
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cayosin Botnet User-Agent Observed M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cayosin Botnet User-Agent Observed M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CBeplay Downloading Design
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CBReplay Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CBReplay.P Ransomware
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CenterPOS CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CenterPOS Delete Plugins
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CenterPOS Load Plugins
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CerberTear Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ChaChi RAT Client CnC (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ChaChi RAT Client CnC (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ChaChi RAT Server Response
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chafer Win32/TREKX Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chafer Win32/TREKX Uploading to CnC (Modified CAB)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ChaseBot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (command)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (file)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (hello)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (result)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic Check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic CnC Beacon 5
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Chthonic CnC Beacon 6
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Citadel Activity POST
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Citadel Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cknife Shell Command Struct Inbound (aspx)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cknife Shell Command Struct Inbound (PHP)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Click Fraud Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ClipBanker Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Clipsa Stealer - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Clipsa Stealer - Coinminer Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Clipsa Stealer - Exfiltration Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CloudAtlas APT Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cloud Atlas CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CNRarypt Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cobalt Group SSL Certificate Detected
Description
Recommendation
ET MALWARE Cobalt Strike Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt STrike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Beacon Activity (UNC2447)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (UNC2447)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Amazon Profile) M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Bing Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Custom Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Observed
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Observed (MASB UA)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike C2 Profile (news_indexedimages)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Exfiltration
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 (Adobe RTMP)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (JPEG)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (PNG)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (RIFF)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 (Custom)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Custom)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Custom Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Havex APT)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M5
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (jquery Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Magnitude EK)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Meterpreter)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Microsoft Update GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (MSDN Query Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 OCSP Profile
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (OneDrive)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (bg)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (btn_bg)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (extension.css)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (__session__id Cookie)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile wordpress_ Cookie Test
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (QiHoo Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) GET
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) POST
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (TrevorForget Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Webbug Profile
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cohhoc RAT CnC Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoinVault CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CoinVault CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CoinVault POST M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CollectorStealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Comfoo Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Comfoo Outbound Communication
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CommentCrew downloader without user-agent string exe download without User Agent
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CommentCrew Possible APT backdoor download logo.png
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Access Count Tracking URL
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Count Tracking URL
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Count Tracking URL (partner)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (farfly checkin)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (pid - mac)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (wmid - ucid)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Trojan HTTP GET Logging
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre Header Structure 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre Header Structure 3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre URI/Headers Struct
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Zbot EXE filename Dec 09 2013
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE COMRAT CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ConstructorWin32/Agent.V
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE contacy.info Trojan Checkin (User agent clk_jdfhid)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cookies/Cookiebag Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Module Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Module Download 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Requesting Module
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoreDn CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoreDn CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Covenant Framework HTTP Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyCar CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyCar V2 CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyDuke APT HTTP GET CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyDuke APT HTTP POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Criptobit/Mobef Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CROSSWALK CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M5
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cryptojoker Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cryptolocker Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoLocker EXE Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoLuck / YafunnLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CryptoPatronum Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CryptoShield Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cryptowall 2.0 DL URI Struct Oct 2 2014
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall Check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall Check-in M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall CryptoWall 3.0 Check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Curso Banker Downloading Modules
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CyberGate RAT Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CyberGate RAT User-Agent (USER_CHECK)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cyborg Ransomware - Downloading Desktop Background
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cycbot POST
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE D1onis Stealer Sending Data to CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Initial Macro Execution
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Payload Execution
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Payload Extraction
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Daemonize.ft HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dalexis CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dalexis Downloading EXE
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot Associated Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot UA Observed
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkGate CNC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkGate CnC Requesting Data Exfiltration from Bot
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (globalnetworkissues .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (kubecloud .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (lcomputers .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (seobundlekit .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (solartrackingsystem .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (webcodez .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (globalnetworkissues .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (kubecloud .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (lcomputers .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (seobundlekit .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (solartrackingsystem .net)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (webcodez .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkHotel Downloader CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Downloader CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Initial Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Payload Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Darkness DDoS Bot Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Databack CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DATA-BROKER BOT Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Datoploader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Datoploader Activity M2 (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRAT Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M11
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M12
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M13
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat Initial CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ddex Loader Check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet CnC Job Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet CnC Slave POST
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet Miner Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin 3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin via HTTP
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DeathStalker/Janicab CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DeathStalker/Powersing CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DecebalPOS User-Agent
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DecryptmyFiles Ransomware CnC (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE DEEP PANDA Checkin 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DEEP PANDA Checkin 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DEEP PANDA Checkin 3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Delf Checkin via HTTP (5)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Delphi Trojan Downloader User-Agent (JEDI-VCL)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer-715 Install Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer.MC(vf) HTTP Request - Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer.Trojan Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DiamondFox HTTP Post CnC Checkin M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Ext Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Ignore Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Key Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Landing Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Priority Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Register M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Register M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Services Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Wipe Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol HTTP Cookie Observed
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DirectsX CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DirtJumper Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DistTrack/Shamoon CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DistTrack/Shamoon CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DLoader File Download Request Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DMSpammer HTTP Post Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSpionage Commands Embedded in Webpage Inbound
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSpionage Requesting Config
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (1)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (2)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Domen SocEng Redirect - Landing Page Observed
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonBot Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donkeyp2p Update Detected
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donot (APT-C-35) Stage 1 Requesting Main Payload
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donot (APT-C-35) Stage 1 Requesting Persistence Setup File
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Pult Downloader Activity (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Template Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dooptroop CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dooptroop Dropper Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dorkbot GeoIP Lookup to wipmania
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dorkbot Loader Payload Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dosenjo/Kvadr Proxy Trojan Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downadup/Conficker A or B Worm reporting
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downeks Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downeks Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Downloaded .bat Disables Real Time Monitoring
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloaded .bat Disables Windows Defender
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloaded Script Disables Firewall/Antivirus
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader-5265/Torpig/Anserin/Sinowal Unique UA (MSID)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Banload2.KZU Checkin 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Banload2.KZU Checkin 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DownloaderExchanger/Cbeplay Variant Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader General Bot Checking In via HTTP Post (bot_id push)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader (P2P Zeus dropper UA)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Adload (KaiXin Payload) Config Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Banload Reporting
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Geral Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader Win32.Small.agoy Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Small CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dridex Base64 Executable
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex/Bugat/Feodo Cookie
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user's Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users<username>\Application Data\kb208351.exe C:\Users<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key that will start an executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.
ET MALWARE Dridex/Bugat/Feodo GET Checkin
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user's Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users<username>\Application Data\kb208351.exe C:\Users<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key that will start an executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.
ET MALWARE Dridex/Bugat/Feodo POST Checkin
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user's Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users<username>\Application Data\kb208351.exe C:\Users<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key that will start an executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.
ET MALWARE Dridex CnC Request - Spam/Worm Component
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex CnC Request - Spam/Worm Component
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex DL Pattern Feb 18 2016
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex POST Checkin
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex Post Check-in Activity
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex POST Retrieving Second Stage
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex v2 POST Checkin
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Driveby Exploit Attempt Often to Install Monkif
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Driveby Loader Request List.php
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Drop.Agent.bfsv HTTP Activity (UsER-AgENt)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Binary Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Binary Request M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Domain (ahgwqrq .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Encoded Binary - Server Response
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dumador Reporting User Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DustySky CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DustySky Payload Link Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyre CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Checkin 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Checkin 3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Ex-filtrating Data
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Fake Server Header
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Done
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Started
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/DarkStealer Variant CnC Exfil
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/DarkStealer Variant CnC Exfil M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/Mist Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ElectroRAT CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/AbcBot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/AbcBot Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF_BASHLITE.SMB Dropping Files
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Chacha.DDoS/Xor.DDoS Stage 2 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/DarkNexus User-Agent
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Kinsing Payload Request M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Kinsing Payload Request M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/LiLocked Ransom Note in HTTP Response
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/MachO.Netwire Connectivity Check
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mayhem Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Loader Activity M1 (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Loader Activity M2 (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai User-Agent Observed (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Cakle)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Damien)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Hentai)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (lessie)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (muhstik)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Rift)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Shaolin)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Solar)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Tsunami)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Yakuza)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Yowai)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Cakle)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Damien)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Hentai)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (lessie)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (muhstik)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Ouija_x.86)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (ph0ne)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Rift)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Shaolin)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Solar)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Tsunami)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Yakuza)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Yowai)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/muBoT User-Agent (I'm a mu mu mu ?)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Attempting to Download Payload
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Bot Reporting Vulnerable Server to CnC
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Scanner Module Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/RedXOR CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/RedXOR CnC Response
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/TooEasy Miner CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Win32 Lucky Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ELF/Win32 Lucky Ransomware Encryption Process Started
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE EMAIL SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Certificate Observed M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Emotet CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Emotet Post Drop C2 Comms M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet v2 Exfiltrating Outlook information
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Wifi Bruter Module Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enfal CnC GET
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enfal CnC POST
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enigma Locker Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [eSentire] Cobalt Strike Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [eSentire] VBS Retrieving Malicious Payload
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ESPecter Bootkit Initialization Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ETag HTTP Header Observed at CNCERT Sinkhole
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EtumBot Ping
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EtumBot Registration Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EUPUDS.A Requests for Boleto replacement
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil Google Drive Download
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil Monero Cryptocurrency Miner Request Pools
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evilnum Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Checkin Response
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Client Data Exfil
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Client Data Exfil
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Client Data Exfil
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Connectivity Check
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Error Report
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Response
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil PDF Retrieving Emotet Payload
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer Retrieving CnC Information
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Executable Download Purporting to be JavaScript likely 2nd stage Infection
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EXE Download When Server Claims To Send Audio File - Must Be Win32
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Exorcist 2.0 Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE FaceBook IM & Web Driven Facebook Trojan Posting Data
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKBEN Ransomware
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE FAKE AOL SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Check-in purporting to be MSIE with invalid terse HTTP headers
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAvCn-A Checkin 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAvCn-A Checkin 3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.dfze/FakeAV!IK Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake AV Downloader.Onestage/FakeAlert.ZR User-Agent (AV1)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.EGZ Checkin 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.EGZ Checkin 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV FakeSmoke HTTP POST check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake AV GET
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE AV HTTP CnC Post
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Install
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Landing Page
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Landing Page (aid sid)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV oms.php Data Post
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV security_scanner.exe
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV User-Agent XML
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FakeAV Win32/Antivirus2008 CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Faked Russian Opera UA without Accept - probable downloader
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Google Chrome Notifications Installer
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake IBM SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKEIE Minimal Headers (flowbit set)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE/ROGUE AV/Security Application Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake/Short Google Search Appliance UA Win32/Ranbyus and Others
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Variation of Mozilla 4.0 - Likely Trojan
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Virtually SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Windows Scam ScreenLocker
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE YAHOO SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fareit/Pony Downloader Checkin 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fareit/Pony Downloader Checkin 3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Farfli HTTP Checkin Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fasec/FakeAV Alert/Keylogger/Dropper/DNSChanger Possible Rootkit - HTTP GET
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Initial Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS RAM Scraper Sending Details
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Reporting Error Code
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Sending Keystrokes
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Sending Status Logs
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Software Update Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Successful Software Update Request
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Version Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FBot Downloader Generic GET for ARM Payload
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Felismus CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Felismus CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FF-RAT Stage 1 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FighterPOS CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FighterPOS CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Fileless infection dropped by EK CnC Beacon
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Filename explorer.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename hkcmd.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename server.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename svchost.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN6 StealerOne CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Activity (GET)
Description
Recommendation
ET MALWARE FIN7 JSSLoader Activity (POST)
Description
Recommendation
ET MALWARE FIN7 JSSLoader Variant Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Variant Activity (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FindPOS Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.BEACON M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (databasegalore .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (incomeupdate .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (panhardware .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (zupertech .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to avsvmcloud .com
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to deftsecurity .com
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to digitalcollege .org
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to freescanonline .com
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to thedoccloud .com
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to virtualdataserver .com
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M4
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (avsvmcloud .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (deftsecurity .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (digitalcollege .org)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (freescanonline .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (highdatabase .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (thedoccloud .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (virtualdataserver .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (websitetheme .com)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (databasegalore .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (deftsecurity .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (freescanonline .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (highdatabase .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (incomeudpate .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (panhardware .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (thedoccloud .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (websitetheme .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (zupertech .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] PULSECHECK Webshell Access Outbound
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FlashBack Mac OSX malware Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FoggyWeb Backdoor Incoming Request (GET)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FoggyWeb Backdoor Incoming Request (POST)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Formbook 0.3 Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FormBook CnC Checkin (POST) M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FortDisco Reporting Status
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M3
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M4
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRat check-in (Data)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRat check-in (Yuok)
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRatReporter check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRAT Downloader Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRAT Downloader Error Report POST
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRat WebSocket Request M1
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRat WebSockets Request M2
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FraudLoad.aww HTTP CnC Post
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fraudload/FakeAlert/FakeVimes Downloader - POST
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop Checkin
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop UA LETITGO
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop UA single
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fruspam polling for IP likely infected
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FTCode Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FTCode Stealer Init Activity
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fullz House Credit Card Skimmer Data Exfil
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fullz House Credit Card Skimmer JavaScript Inbound
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gaboc Trojan Check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Galock Ransomware Check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Gamania Trojan Check-in
Description
This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.