Suspicious Network Activity - IDS

ET HUNTING Suspicious EXE Download Content-Type image/jpeg

These detections identify suspicious activity from network sessions evaluated by Insight Network Sensor.

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Adobe PKG Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO ARM File Requested via WGET (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Flowbit set for POST to Quicken Updater

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO GET Minimal HTTP Headers Flowbit Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO IE7UA No Cookie No Referer

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO maas.io Image Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO McAfee AV Download (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO McAfee AV Download - Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (exe) unset (no exe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (msi) unset (no exe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (msp) unset (no exe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (no .exe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request to Dotted Quad

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible WinHttpRequest (no .exe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Symantec Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO User-Agent (wininet)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Windows Update/Microsoft FP Flowbit

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO ZoneAlarm Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (bigtopweb .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (infinitysoftwares .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (bigtopweb .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (infinitysoftwares .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [401TRG] PS/PowDesk Checkin (APT34)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE 44Calibar Variant Exfil via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE 44 Caliber Stealer Data Exfil via Discord

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (bigudp)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (dns)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (stop)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (syn)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Likely Shylock/URLzone/Gootkit/Zeus Panda C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
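The ABUSE.CH SSL Blacklist and SSL Fingerprint Blacklist entries above all rest on the same mechanism: the ET rule matches the SHA1 fingerprint of the server certificate seen in the TLS handshake against the abuse.ch SSLBL feed. Validating one of these alerts therefore means confirming that the session really presented a listed certificate and reading back the listing reason (the malware family). The script below is an added example written for this page, not code from Rapid7, Emerging Threats or abuse.ch. It assumes the public SSLBL CSV layout (Listingdate,SHA1,Listingreason) and the Suricata EVE `tls.fingerprint` field; the fingerprints, IP addresses and events are constructed for illustration, and the function names (`load_sslbl`, `match_tls_events`, `normalize_fingerprint`) are this example's own.

```python
"""Validate an abuse.ch SSL Blacklist alert against the feed itself.

The ET SSLBL rules behind these alerts match the SHA1 fingerprint of the
server certificate presented in the TLS handshake. Given the feed (SSLBL CSV
layout: Listingdate,SHA1,Listingreason) and the sensor's TLS records (here,
Suricata EVE 'tls' events), confirm that the session really carried a listed
certificate and recover the listing reason (the malware family).

All fingerprints, addresses and events below are constructed for this
example; none are real SSLBL entries or observed sessions.
"""
import csv
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed sample rows in the SSLBL CSV layout. The SHA1 values are made up.
SSLBL_CSV = """\
# abuse.ch SSLBL (constructed sample, not real feed data)
# Listingdate,SHA1,Listingreason
2021-03-01 10:00:00,6b7e3a0b2c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f,Gootkit C&C
2021-03-02 11:30:00,0123456789abcdef0123456789abcdef01234567,Vawtrak C&C
"""

# Constructed Suricata EVE events. Suricata logs the certificate fingerprint as
# colon-separated hex in tls.fingerprint; the feed stores bare lowercase hex.
EVE_LINES = [
    json.dumps({"timestamp": "2021-03-05T09:12:01.000000+0000", "event_type": "tls",
                "src_ip": "10.0.0.15", "dest_ip": "203.0.113.7", "dest_port": 443,
                "tls": {"subject": "CN=localhost", "issuer": "CN=localhost",
                        "fingerprint": "6b:7e:3a:0b:2c:4d:5e:6f:7a:8b:9c:0d:1e:2f:3a:4b:5c:6d:7e:8f"}}),
    json.dumps({"timestamp": "2021-03-05T09:13:44.000000+0000", "event_type": "tls",
                "src_ip": "10.0.0.22", "dest_ip": "198.51.100.9", "dest_port": 443,
                "tls": {"subject": "CN=www.example.com", "issuer": "CN=Example CA",
                        "fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd"}}),
    json.dumps({"timestamp": "2021-03-05T09:14:02.000000+0000", "event_type": "http",
                "src_ip": "10.0.0.15", "dest_ip": "203.0.113.7", "dest_port": 80}),
]


def normalize_fingerprint(fp: str) -> str:
    """Strip separators and lowercase so feed and sensor formats compare equal."""
    clean = fp.replace(":", "").replace(" ", "").strip().lower()
    if len(clean) != 40 or any(c not in "0123456789abcdef" for c in clean):
        raise ValueError(f"not a SHA1 fingerprint: {fp!r}")
    return clean


def load_sslbl(text: str) -> Dict[str, str]:
    """Parse SSLBL CSV into {sha1: listing reason}, skipping comment lines."""
    rows = (ln for ln in text.splitlines() if ln and not ln.startswith("#"))
    blacklist: Dict[str, str] = {}
    for _listing_date, sha1, reason in csv.reader(rows):
        blacklist[normalize_fingerprint(sha1)] = reason
    return blacklist


@dataclass(frozen=True)
class Match:
    timestamp: str
    src_ip: str
    dest_ip: str
    dest_port: int
    subject: str
    reason: str


def match_tls_events(eve_lines: Iterable[str], blacklist: Dict[str, str]) -> List[Match]:
    """Return the TLS sessions whose server certificate is on the blacklist."""
    matches: List[Match] = []
    for line in eve_lines:
        ev = json.loads(line)
        if ev.get("event_type") != "tls":
            continue
        tls = ev.get("tls", {})
        fp = tls.get("fingerprint")
        if not fp:
            # No certificate visible (for example a TLS 1.3 handshake, where the
            # certificate is encrypted): fingerprint rules cannot fire here.
            continue
        reason = blacklist.get(normalize_fingerprint(fp))
        if reason:
            matches.append(Match(ev["timestamp"], ev["src_ip"], ev["dest_ip"],
                                 ev["dest_port"], tls.get("subject", ""), reason))
    return matches


if __name__ == "__main__":
    for m in match_tls_events(EVE_LINES, load_sslbl(SSLBL_CSV)):
        print(f"{m.timestamp} {m.src_ip} -> {m.dest_ip}:{m.dest_port} "
              f"subject={m.subject!r} listed as {m.reason}")
```

Two caveats when using this in practice: certificate fingerprints are only visible where the handshake sends the certificate in the clear (TLS 1.2 and earlier), so a host beaconing over TLS 1.3 will never trigger a fingerprint rule and the JA3-based feed is the fallback; and a match tells you which family the certificate was listed under, not that the host is fully compromised, which is why the recommendation still asks for the host's other alerts and logs before rebuilding.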

ET MALWARE Activity related to APT.Seinup Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Agent.BAAB Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AgentTesla Communicating with CnC Server

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AgentTesla PWS HTTP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK/BKDR_HTV.ZKGD-A CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK.CREDSTEALER.A CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK.CREDSTEALER.A CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK.CREDSTEALER.A MalDoc Retrieving Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alfa/Alpha Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Alina Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alina Server Response Code

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alina User-Agent(Alina)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alman Dropper Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AlphaCrypt CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE AlphaCrypt CnC Beacon 5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE AlphaCrypt CnC Beacon 6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE AlphaCrypt Connectivity Check 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Alureon Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Amadey CnC Check-In

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Amadey Stealer CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Amadey Stealer CnC - BotKiller Module Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Android/AhMyth RAT Init Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Android/AhMyth RAT WebSocket Session

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Android/FakeKakao checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Checkin Dec 29 2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Check-in Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Downloading Module

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AntiVirus exe Download Likely FakeAV Install

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AntSword Webshell User-Agent Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AnubisNetworks Sinkhole HTTP Response - 195.22.26.192/26

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor: here, an HTTP response from the AnubisNetworks sinkhole range 195.22.26.192/26. A sinkholed command-and-control domain has been redirected to researcher-controlled infrastructure, so the session itself is neutralized, but the client that made the request was trying to reach malware command-and-control and should be treated as infected. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
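Because the destination in this alert is a sinkhole rather than a live C2, the useful triage question is not "what did the server send" but "which internal hosts are still trying to reach a sinkholed domain, and which domain". The script below is an added example written for this page, not Rapid7's or the rule author's code. It assumes Suricata EVE `dns` and `http` records (in the older single-answer `dns` layout, where an answer record carries the resolver as `src_ip` and the querying client as `dest_ip`); the hostnames, internal addresses and events are constructed, and `triage` and `is_sinkhole` are this example's own names. Only the 195.22.26.192/26 range comes from the rule itself.

```python
"""Triage 'AnubisNetworks Sinkhole HTTP Response' alerts.

The rule fires on an HTTP response coming from 195.22.26.192/26, a sinkhole:
the malware's C2 domain now resolves to researcher-controlled hosts. The
session itself is neutralised, but the client that made the request is still
infected. This script walks sensor events (constructed Suricata EVE 'dns' and
'http' records), finds internal hosts that resolved a name to the sinkhole or
spoke HTTP to it, and reports each host with the sinkholed domains it used,
which is what remediation needs.

All hostnames, addresses and events are constructed for this example.
"""
import ipaddress
import json
from collections import defaultdict
from typing import Dict, Iterable

# The range named in the alert; anything answered from here is the sinkhole.
SINKHOLE_NET = ipaddress.ip_network("195.22.26.192/26")

# Constructed events. In the single-answer EVE dns layout an answer record is
# logged server -> client, so the querying host is dest_ip there.
EVE_LINES = [
    json.dumps({"event_type": "dns", "src_ip": "10.0.0.2", "src_port": 53,
                "dest_ip": "10.0.0.31", "dest_port": 51234,
                "dns": {"type": "answer", "rrname": "update.bad-domain.example",
                        "rrtype": "A", "rdata": "195.22.26.231"}}),
    json.dumps({"event_type": "dns", "src_ip": "10.0.0.2", "src_port": 53,
                "dest_ip": "10.0.0.31", "dest_port": 51240,
                "dns": {"type": "answer", "rrname": "cfg.bad-domain.example",
                        "rrtype": "A", "rdata": "195.22.26.200"}}),
    json.dumps({"event_type": "http", "src_ip": "10.0.0.31", "dest_ip": "195.22.26.231",
                "dest_port": 80, "http": {"hostname": "update.bad-domain.example",
                                          "url": "/gate.php", "status": 200}}),
    json.dumps({"event_type": "http", "src_ip": "10.0.0.31", "dest_ip": "195.22.26.231",
                "dest_port": 80, "http": {"hostname": "update.bad-domain.example",
                                          "url": "/gate.php", "status": 200}}),
    json.dumps({"event_type": "http", "src_ip": "10.0.0.40", "dest_ip": "198.51.100.9",
                "dest_port": 80, "http": {"hostname": "www.example.com",
                                          "url": "/", "status": 200}}),
    json.dumps({"event_type": "dns", "src_ip": "10.0.0.2", "src_port": 53,
                "dest_ip": "10.0.0.52", "dest_port": 50001,
                "dns": {"type": "answer", "rrname": "cdn.example.net",
                        "rrtype": "A", "rdata": "198.51.100.20"}}),
]


def is_sinkhole(ip: str) -> bool:
    """True if the address falls inside the sinkhole range named in the alert."""
    return ipaddress.ip_address(ip) in SINKHOLE_NET


def triage(eve_lines: Iterable[str]) -> Dict[str, dict]:
    """Map each internal host that touched the sinkhole to the domains involved
    and the number of HTTP sessions the sinkhole answered for it."""
    hosts = defaultdict(lambda: {"domains": set(), "http_sessions": 0})
    for line in eve_lines:
        ev = json.loads(line)
        kind = ev.get("event_type")
        if kind == "dns":
            dns = ev.get("dns", {})
            rdata = dns.get("rdata")
            # Only A answers carry an address; CNAME/TXT rdata is not an IP.
            if (dns.get("type") == "answer" and dns.get("rrtype") == "A"
                    and rdata and is_sinkhole(rdata)):
                hosts[ev["dest_ip"]]["domains"].add(dns["rrname"])
        elif kind == "http" and is_sinkhole(ev["dest_ip"]):
            entry = hosts[ev["src_ip"]]
            entry["http_sessions"] += 1
            hostname = ev.get("http", {}).get("hostname")
            if hostname:
                entry["domains"].add(hostname)
    return dict(hosts)


if __name__ == "__main__":
    for host, info in triage(EVE_LINES).items():
        print(f"{host}: {info['http_sessions']} sinkholed HTTP session(s), "
              f"domains={sorted(info['domains'])}")
```

The DNS view matters because a host can resolve a sinkholed name without the sensor ever seeing an HTTP response from it (for instance when the malware's next request goes over a port the sensor does not inspect), so the domain list from DNS answers is often the more complete inventory of infected hosts; the HTTP count simply tells you which of them are actively beaconing.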

ET MALWARE Anuna PHP Backdoor Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Anuna PHP Backdoor Sucessful Exploit

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ApolloLocker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ApolloLocker Ransomware CnC Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE AppleJeus - JMT Trading CnC Activity (OSX Variant)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AppleJeus - JMT Trading CnC Activity (Windows Variant)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AppleJeus - Kupay Wallet CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AppleJeus - Union Crypto CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT15/NICKEL KETRUM CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT15/NICKEL Related CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT1 WEBC2-UGX Related Pingbed/Downbot User-Agent (Windows+NT+5.x)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28 SEDNIT Variant CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT28 SEDNIT Variant CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT28 SEDNIT Variant CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT28 SEDNIT Variant CnC Beacon 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT28/SkinnyBoy Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/SkinnyBoy Payload Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Go Variant Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Go Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Go Variant Downloader Error POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Secondary Payload CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28 Uploader Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT28 Uploader Variant Fake Request to Google

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28 Zebrocy/Zekapab Reporting to CnC M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29 Cache_DLL SSL Cert

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29 Implant8 - Evil Twitter Callback

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29 Implant8 - MAL_REFERER

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29/Wellness CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif POSTing Log Message to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif Requesting Command from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif Submitting Output of Command to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT33/CharmingKitten Encrypted Payload Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT33/CharmingKitten Retrieving New Payload (flowbit set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT34 Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT34 TONEDEAF 2.0 Requesting Commands from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT34 TONEDEAF 2.0 Uploading to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT39/Chafer Payload - CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT39/Chafer Payload - CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT.Agtid callback

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Backspace CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT/Bitter Maldoc Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT/Bitter Related Checkin Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT-C-23 Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT-C-23 Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT-C-48 Related Activity Retrieving ConsoleHost (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Cheshire Cat CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT CozyCar SSL Cert 2

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 5

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 6

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 7

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 8

Description

Recommendation

ET MALWARE APT/Donot Group Checkin Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT/FamousSparrow Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT.Fwits CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT.Fwits CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT Hellsing Proxy Checker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Lazarus Nukesped Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT LuckyMouse Polpo Malware CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT LuckyMouse Polpo Malware CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT LuckyMouse Polpo Malware CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Lurker POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT Mustang Panda Payload - CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT_NGO_wuaclt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT_NGO_wuaclt C2 Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Operation Sidecopy lnk Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT OSX.XSLCmd CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT Related - BLACKCOFFEE Command Delimiters in HTTP Response M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Related - BLACKCOFFEE Command Delimiters in HTTP Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT/TransparentTribe CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT/TransparentTribe Style Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arbitrium-RAT CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arbitrium-RAT Observed User-Agent (JustKidding)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArcDoor Intial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArcDoor User-Agent (ALIZER)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ares Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Gopher Related User-Agent (aimxxhwpcc)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Advtravel Campaign GET Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Checking filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Exfiltrating files

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT File information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Possible User-Agent (SK)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Possible User-Agent (Skype)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Possible User-Agent (Skypee)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Transmitting Date

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Transmitting Serial

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AridViper CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arkei Stealer Config Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arkei Stealer IP Lookup

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ARM Binary Requested via WGET to Known IoT Malware Domain

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArrobarLoader CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArtraDownloader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArtraDownloader/TeleRAT Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ASNAROK Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ASNAROK Related Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Asprox Data Post to C&C

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Asprox Form Submission to C&C

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Asterope Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AstroBot CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Athena DDoS Bot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Atya Dropper Possible Rootkit - HTTP GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aura Ransomware User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Aurora/OneKeyLocker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Aurora Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE AutoHotkey Downloader Checkin via IPLogger

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AutoHotKey offthewall Downloader Requesting Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aveo C2 Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aveo C2 Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aveo Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Avzhan DDoS Bot User-Agent MyIE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.2 Server Response M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.2 Server Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.2 Server Response M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.3 Server Response M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.3 Server Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.3 Server Response M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult Variant.4 Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Babar POST Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Babax Stealer Exfil via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BabyShark CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BACKCONFIG CnC Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Darpapox/Jaku Initial C2 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Egobot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Elise CnC Beacon 1 M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Backdoor.Elise CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Backdoor.Elise CnC Beacon 2 M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Backdoor.Elise CnC Beacon 3 M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Backdoor.Elise CnC Beacon 3 M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Backdoor.Elise Style IP Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Elise Style IP Check M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Esion CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Graybird Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Irc.MFV User Agent Detected (IRC-U)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor Lanfiltrator Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Meciv Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.TurlaCarbon.A C2 HTTP Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Agent.bjjv Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Agent.myttae User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Aldibot.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Aldibot.A User-Agent (Aldi Bot)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Etumbot.B Requesting RC4 Key

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Ixeshe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Likseput.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Momibot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Momibot Ping Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/PcClient.AA Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.PEx.942728546 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Pushdo.s Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Pushdo.s Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.RShot HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Sykipot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Sykipot Get Config Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Sykipot Put

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Trup.CX Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Xtrat Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backoff POS Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BackSwap Trojan C2 Domain Observed (debasuin .nl in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BadPatch CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BadRabbit Ransomware Activity Via WebDAV (cscc)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE BadRabbit Ransomware Activity Via WebDAV (infpub)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Baldr Stealer Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BalkanDoor CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BalkanDoor CnC Checkin - Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital Headers - Likely CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Bancos/Banker Info Stealer Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BandarChor/CryptON Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE BandarChor Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Banker.anv Generally Suspicious User-Agent (CustomExchangeBrowser)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker/Banbra Related HTTP Post-infection Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker/Banbra Variant POST via x-www-form-urlencoded

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (hhh)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (Ms)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (Mz)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (MzApp)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (WINDOWS_LOADS)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker PWS/Infostealer HTTP GET Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker Trojan (General) HTTP Checkin (vit)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banking Trojan HTTP Cookie

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload HTTP Checkin Detected (envia.php)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload POST Checkin (dados)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload User-Agent Detected (ExampleDL)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BazaBackdoor Variant CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BazaLoader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BazaLoader CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bazaloader Variant Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bazaloader Variant Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BBSRAT GET request CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BBSRAT POST request CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bebloh connectivity check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bedep Connectivity Check M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bedep Connectivity Check M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bedep HTTP POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE BePush/Kilim CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE BePush/Kilim payload retrieval

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BestAntivirus2011 Fake AV reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Betabot Checkin 5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BF Botnet CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bifrose/Cycbot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bifrose/Cycbot Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BigLock Ransomware CnC Activity (id)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE BIOPASS RAT Go Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BIOPASS RAT Python Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bitcoin variant Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bitter APT Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BITTERBUG Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bitter RAT HTTP CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Bitter RAT HTTP CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving New Malware From Server

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving Server IP Addresses

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Server Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BKDR_SLOTH.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackbeard Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackenergy Bot Checkin to C&C

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackenergy Bot Checkin to C&C (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy POST Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy v2 POST Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy v2.x HTTP Request with Encrypted Variables

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy v2.x Plugin Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Black KingDom Ransomware Related Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE BlackMatter CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackmoon/Banbra Configuration Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackmoon/Banbra Configuration Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackshadesRAT Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackTech Plead Encrypted Payload Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blaze/Supreme Bot Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blaze/Supreme Bot Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BleachGap Ransomware Checkin (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Blue Bot DDoS Blog Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blue Bot DDoS Logger Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blue Bot DDoS Proxy Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blue Bot DDoS Target Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bolek HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Book of Eli CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bookworm CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Bookworm CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Bossabot DDoS tool RFI attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bot Backdoor Checkin/registration Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BOUNCEBEAM Backdoor CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Bravix Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brazilian Banker SSL Cert

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bredolab CnC URL Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bredolab Downloader Communicating With Controller (1)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BroBot POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brontok/Joseray User-Agent Detected (Joseray.A3 Browser)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brontok User-Agent Detected (Brontok.A3 Browser)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brontok User-Agent Detected (Rivest)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BrushaLoader CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer - DomainInfo User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Successful Payload Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Update Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Update Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BUILDINGCAN CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buran Ransomware Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Buran Ransomware Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE BYOB - Python Backdoor Loader Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BYOB - Python Backdoor Stager Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bzub2 Related RPC/Http Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE C3Pool CoinMiner Setup Script Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Campo Loader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Capfire4 Checkin (register machine)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE carberp check in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Carberp checkin task

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Carberp CnC request POST /set/task.html

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Carberp file download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Casbaneiro CnC Host Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cashout Proxy Bot reg_DST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cayosin Botnet User-Agent Observed M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cayosin Botnet User-Agent Observed M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CBeplay Downloading Design

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CBReplay Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CBReplay.P Ransomware

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE CenterPOS CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CenterPOS Delete Plugins

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CenterPOS Load Plugins

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CerberTear Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ChaChi RAT Client CnC (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ChaChi RAT Client CnC (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ChaChi RAT Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chafer Win32/TREKX Uploading to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chafer Win32/TREKX Uploading to CnC (Modified CAB)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ChaseBot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (command)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (file)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (hello)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (result)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chthonic Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chthonic Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chthonic CnC Beacon 5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Chthonic CnC Beacon 6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Citadel Activity POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Citadel Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cknife Shell Command Struct Inbound (aspx)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cknife Shell Command Struct Inbound (PHP)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Click Fraud Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ClipBanker Variant Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Clipsa Stealer - CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Clipsa Stealer - Coinminer Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Clipsa Stealer - Exfiltration Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CloudAtlas APT Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cloud Atlas CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CNRarypt Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Cnzz.cn Related Dropper Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Group SSL Certificate Detected

Description

Recommendation

ET MALWARE Cobalt Strike Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt STrike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Beacon Activity (UNC2447)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (UNC2447)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon (Amazon Profile) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon (Bing Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon (Custom Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Observed (MASB UA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike C2 Profile (news_indexedimages)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 (Adobe RTMP)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Amazon Profile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (JPEG)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (PNG)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (RIFF)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 (Custom)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Custom)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Custom Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Havex APT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (jquery Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Magnitude EK)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Meterpreter)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Microsoft Update GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (MSDN Query Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 OCSP Profile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (OneDrive)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (bg)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (btn_bg)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (extension.css)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (__session__id Cookie)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile wordpress_ Cookie Test

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (QiHoo Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (TrevorForget Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Webbug Profile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Network Traffic Analysis sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cohhoc RAT CnC Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CoinVault CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CoinVault CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CoinVault POST M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CollectorStealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Comfoo Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Comfoo Outbound Communication

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CommentCrew downloader without user-agent string exe download without User Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CommentCrew Possible APT backdoor download logo.png

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Access Count Tracking URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Count Tracking URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Count Tracking URL (partner)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL (farfly checkin)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL (pid - mac)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL (wmid - ucid)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Trojan HTTP GET Logging

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Upatre Header Structure 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Upatre Header Structure 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Upatre URI/Headers Struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Zbot EXE filename Dec 09 2013

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE COMRAT CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Conficker/KernelBot/MS08-067 related Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ConstructorWin32/Agent.V

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE contacy.info Trojan Checkin (User agent clk_jdfhid)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cookies/Cookiebag Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Module Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Module Download 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Requesting Module

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CoreDn CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CoreDn CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Covenant Framework HTTP Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CozyCar CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CozyCar V2 CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CozyDuke APT HTTP GET CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CozyDuke APT HTTP POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Criptobit/Mobef Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE CROSSWALK CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cryptojoker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cryptolocker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoLocker EXE Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoLuck / YafunnLocker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE CryptoPatronum Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE CryptoShield Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Cryptowall 2.0 DL URI Struct Oct 2 2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoWall Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoWall Check-in M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoWall CryptoWall 3.0 Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Curso Banker Downloading Modules

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CyberGate RAT Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CyberGate RAT User-Agent (USER_CHECK)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cyborg Ransomware - Downloading Desktop Background

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Cycbot POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE D1onis Stealer Sending Data to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DADJOKE/Rail Tycoon Initial Macro Execution

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DADJOKE/Rail Tycoon Payload Execution

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DADJOKE/Rail Tycoon Payload Extraction

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Daemonize.ft HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dalexis CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Dalexis Downloading EXE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Danabot Associated Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Danabot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Danabot UA Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DarkGate CNC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DarkGate CnC Requesting Data Exfiltration from Bot

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (globalnetworkissues .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (kubecloud .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (lcomputers .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (seobundlekit .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (solartrackingsystem .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (webcodez .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (globalnetworkissues .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (kubecloud .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (lcomputers .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (seobundlekit .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (solartrackingsystem .net)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (webcodez .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DarkHotel Downloader CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE DarkHotel Downloader CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE DarkHotel Initial Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE DarkHotel Payload Uploading to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Darkness DDoS Bot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Databack CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DATA-BROKER BOT Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Datoploader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Datoploader Activity M2 (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRAT Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity M11

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity M12

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity M13

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat Initial CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ddex Loader Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDG Botnet CnC Job Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDG Botnet CnC Slave POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDG Botnet Miner Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDoS.XOR Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDoS.XOR Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDoS.XOR Checkin via HTTP

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DeathStalker/Janicab CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DeathStalker/Powersing CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DecebalPOS User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DecryptmyFiles Ransomware CnC (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE DEEP PANDA Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DEEP PANDA Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DEEP PANDA Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Delf Checkin via HTTP (5)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Delphi Trojan Downloader User-Agent (JEDI-VCL)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Densmail.com Related Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dialer-715 Install Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dialer.MC(vf) HTTP Request - Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dialer.Trojan Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DiamondFox HTTP Post CnC Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Ext Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Ignore Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Key Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Landing Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Priority Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Register M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Register M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Services Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Wipe Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol HTTP Cookie Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DirectsX CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DirtJumper Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DistTrack/Shamoon CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE DistTrack/Shamoon CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE D-Link ShareCenter (DNS-320/325) RCE (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DLoader File Download Request Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DMSpammer HTTP Post Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSpionage Commands Embedded in Webpage Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSpionage Requesting Config

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (1)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Domen SocEng Redirect - Landing Page Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonBot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Donkeyp2p Update Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Donot (APT-C-35) Stage 1 Requesting Main Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Donot (APT-C-35) Stage 1 Requesting Persistence Setup File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Pult Downloader Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Template Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dooptroop CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Dooptroop Dropper Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dorkbot GeoIP Lookup to wipmania

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dorkbot Loader Payload Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dosenjo/Kvadr Proxy Trojan Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downadup/Conficker A or B Worm reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downeks Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downeks Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Downloaded .bat Disables Real Time Monitoring

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloaded .bat Disables Windows Defender

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloaded Script Disables Firewall/Antivirus

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader-5265/Torpig/Anserin/Sinowal Unique UA (MSID)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Banload2.KZU Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Banload2.KZU Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DownloaderExchanger/Cbeplay Variant Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader General Bot Checking In - Possible Win32.Small.htz related

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader General Bot Checking In via HTTP Post (bot_id push)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader (P2P Zeus dropper UA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Adload (KaiXin Payload) Config Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Banload Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Geral Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader Win32.Small.agoy Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Small CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Dridex Base64 Executable

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex/Bugat/Feodo Cookie

Description

Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.

Recommendation

Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.

Examples:

  • C:\Users\<username>\Application Data\kb208351.exe
  • C:\Users\<username>\Application Data\3a83cd09.exe

Bugat will create a registry Run key that will start an executable upon login.

When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.

ET MALWARE Dridex/Bugat/Feodo GET Checkin

Description

Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.

Recommendation

Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.

Examples:

  • C:\Users\<username>\Application Data\kb208351.exe
  • C:\Users\<username>\Application Data\3a83cd09.exe

Bugat will create a registry Run key that will start an executable upon login.

When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.

ET MALWARE Dridex/Bugat/Feodo POST Checkin

Description

Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.

Recommendation

Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.

Examples:

  • C:\Users\<username>\Application Data\kb208351.exe
  • C:\Users\<username>\Application Data\3a83cd09.exe

Bugat will create a registry Run key that will start an executable upon login.

When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.

ET MALWARE Dridex CnC Request - Spam/Worm Component

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex DL Pattern Feb 18 2016

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex POST Checkin

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex Post Check-in Activity

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex POST Retrieving Second Stage

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex v2 POST Checkin

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Driveby Exploit Attempt Often to Install Monkif

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Driveby Loader Request List.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Drop.Agent.bfsv HTTP Activity (UsER-AgENt)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dropper Checkin 2 (often scripts.dlv4.com related)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dropper Checkin (often scripts.dlv4.com related)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Binary Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Binary Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Domain (ahgwqrq .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Encoded Binary - Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dumador Reporting User Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DustySky CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE DustySky Payload Link Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyre CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Ex-filtrating Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Fake Server Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Done

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Started

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Echelon/DarkStealer Variant CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Echelon/DarkStealer Variant CnC Exfil M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Echelon/Mist Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ElectroRAT CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/AbcBot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/AbcBot Requesting Commands from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF_BASHLITE.SMB Dropping Files

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Chacha.DDoS/Xor.DDoS Stage 2 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/DarkNexus User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Kinsing Payload Request M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Kinsing Payload Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/LiLocked Ransom Note in HTTP Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/MachO.Netwire Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mayhem Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Miner Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Miner Loader Activity M1 (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Miner Loader Activity M2 (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai User-Agent Observed (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Cakle)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Damien)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Hentai)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (lessie)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (muhstik)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Rift)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Shaolin)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Solar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Tsunami)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Yakuza)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Yowai)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Cakle)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Damien)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Hentai)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (lessie)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (muhstik)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Ouija_x.86)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (ph0ne)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Rift)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Shaolin)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Solar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Tsunami)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Yakuza)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Yowai)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/muBoT User-Agent (I’m a mu mu mu ?)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Muhstik Attempting to Download Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Muhstik Bot Reporting Vulnerable Server to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Muhstik Scanner Module Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/RedXOR CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/RedXOR CnC Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/TooEasy Miner CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Win32 Lucky Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ELF/Win32 Lucky Ransomware Encryption Process Started

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE EMAIL SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet Certificate Observed M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Emotet Post Drop C2 Comms M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet v2 Exfiltrating Outlook information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet Wifi Bruter Module Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Enfal CnC GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Enfal CnC POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Enigma Locker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [eSentire] Cobalt Strike Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [eSentire] VBS Retrieving Malicious Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ESPecter Bootkit Initialization Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ETag HTTP Header Observed at CNCERT Sinkhole

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EtumBot Ping

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EtumBot Registration Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EUPUDS.A Requests for Boleto replacement

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evil Google Drive Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evil Monero Cryptocurrency Miner Request Pools

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evilnum Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Checkin Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Client Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EVILNUM CnC Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Error Report

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EVILNUM CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EVILNUM CnC Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evil PDF Retrieving Emotet Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evrial Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evrial Stealer CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evrial Stealer Retrieving CnC Information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Executable Download Purporting to be JavaScript likely 2nd stage Infection

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EXE Download When Server Claims To Send Audio File - Must Be Win32

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Exorcist 2.0 Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE FaceBook IM & Web Driven Facebook Trojan Posting Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKBEN Ransomware

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE FAKE AOL SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Check-in purporting to be MSIE with invalid terse HTTP headers

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAvCn-A Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAvCn-A Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV.dfze/FakeAV!IK Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake AV Downloader.Onestage/FakeAlert.ZR User-Agent (AV1)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV.EGZ Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV.EGZ Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV FakeSmoke HTTP POST check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake AV GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKE AV HTTP CnC Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Install

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Landing Page

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Landing Page (aid sid)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV oms.php Data Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV security_scanner.exe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV User-Agent XML

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE FakeAV Win32/Antivirus2008 CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Faked Russian Opera UA without Accept - probable downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Google Chrome Notifications Installer

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake IBM SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKEIE Minimal Headers (flowbit set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Opera 8.11 UA related to Trojan Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKE/ROGUE AV/Security Application Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake/Short Google Search Appliance UA Win32/Ranbyus and Others

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Software Download Redirect Leading to Malware M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Software Download Redirect Leading to Malware M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Software Download Redirect Leading to Malware M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Variation of Mozilla 4.0 - Likely Trojan

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Virtually SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Windows Scam ScreenLocker

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKE YAHOO SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeYak or Related Infection Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fareit/Pony Downloader Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fareit/Pony Downloader Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Farfli HTTP Checkin Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fasec/FakeAV Alert/Keylogger/Dropper/DNSChanger Possible Rootkit - HTTP GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS RAM Scraper Sending Details

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Reporting Error Code

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Sending Keystrokes

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Sending Status Logs

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Software Update Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Successful Software Update Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Version Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FBot Downloader Generic GET for ARM Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Felismus CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Felismus CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE FF-RAT Stage 1 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FighterPOS CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE FighterPOS CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Fileless infection dropped by EK CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Filename explorer.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Filename hkcmd.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Filename server.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Filename svchost.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FIN12 Related ICECANDLE/Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE FIN12 Related WEIRDLOOP/Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE FIN12 Related WHITEDAGGER/Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE FIN6 StealerOne CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FIN7 JSSLoader Activity (GET)

Description

Recommendation

ET MALWARE FIN7 JSSLoader Activity (POST)

Description

Recommendation

ET MALWARE FIN7 JSSLoader Variant Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FIN7 JSSLoader Variant Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FIN7 JSSLoader Variant Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FindPOS Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FinSpy Related Flash Installer Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FinSpy Related WinRAR Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.BEACON M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.BEACON M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (databasegalore .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (incomeupdate .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (panhardware .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (zupertech .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to avsvmcloud .com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to deftsecurity .com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to digitalcollege .org

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to freescanonline .com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to thedoccloud .com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to virtualdataserver .com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (avsvmcloud .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (deftsecurity .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (digitalcollege .org)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (freescanonline .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (highdatabase .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (thedoccloud .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (virtualdataserver .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (websitetheme .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (databasegalore .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (deftsecurity .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (freescanonline .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (highdatabase .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (incomeudpate .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (panhardware .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (thedoccloud .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (websitetheme .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (zupertech .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] PULSECHECK Webshell Access Outbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FlashBack Mac OSX malware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FoggyWeb Backdoor Incoming Request (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FoggyWeb Backdoor Incoming Request (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Formbook 0.3 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FormBook CnC Checkin (POST) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FortDisco Reporting Status

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FOX-SRT ShimRat check-in (Data)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FOX-SRT ShimRat check-in (Yuok)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FOX-SRT ShimRatReporter check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRAT Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRAT Downloader Error Report POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRat WebSocket Request M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRat WebSockets Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FraudLoad.aww HTTP CnC Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fraudload/FakeAlert/FakeVimes Downloader - POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FrauDrop Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FrauDrop UA LETITGO

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FrauDrop UA single

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fruspam polling for IP likely infected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FTCode Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FTCode Stealer Init Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fullspace.cc or Related Checkin (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fullz House Credit Card Skimmer Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fullz House Credit Card Skimmer JavaScript Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gaboc Trojan Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Galock Ransomware Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Gamania Trojan Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Maldoc Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon/Armageddon Activity (Retrieving Remote .dot)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon/Armageddon CnC Activity (Sending Windows System Information)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon File Stealer POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon MalDoc CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Related VBS Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Style MalDoc .dot Download on freedynamicdns .org

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamarue/Andromeda Downloading Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gameredon Loader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamut Spambot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamut Spambot Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GandCrab Style External IP Check (Spoofed Yahoo Host)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GanDownloader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gasket CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gasket Requesting Commands from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gasket Submitting Logs to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gatak CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gazer HTTP POST Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Downloader Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Downloader Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Downloader Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Downloader Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Downloader Activity M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Related Downloader User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE General Banker.PWS POST Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE General Downloader Checkin URL (GUID+)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE General Trojan Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE General Win32 Backdoor Checkin POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE General Win32 Backdoor Checkin POST Packet 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic - 8Char.JAR Naming Algorithm

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic .bin download from Dotted Quad

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Bot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Checkin - MSCommonInfoEx

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Downloader checkin (3)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Downloader Checkin - HTTP GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Downloader - HTTP POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Dropper/Clicker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Dropper Installing PUP 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Dropper Installing PUP 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic gate .php GET with minimal headers

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GENERIC Likely Malicious Fake IE Downloading .exe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic.Malware.SFL User-Agent (Rescue/9.11)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Password Stealer User Agent Detected (RookIE)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic -POST To file.php w/Extended ASCII Characters

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic - POST To .php w/Extended ASCII Characters

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Request to gate.php Dotted-Quad

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
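
The rule names in this run (".bin download from Dotted Quad", the "POST To .php w/Extended ASCII Characters" family, "Request to gate.php Dotted-Quad") name traffic traits rather than a particular malware family, which is useful when triaging an alert: the same traits can be checked against proxy or HTTP logs to see how many other hosts match. The Python below is an added example written for this page, not the Emerging Threats signatures and not Rapid7 code; the matching logic is a plain reading of the rule names, not their actual signature content, and the sample requests, hosts and heuristic labels are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample requests (illustrative, not real captures):
# (method, Host header, request path, body bytes).
SAMPLE_REQUESTS = [
    ("GET",  "203.0.113.10",      "/gate.php?id=7",   b""),
    ("GET",  "198.51.100.7:8080", "/dl/payload.bin",  b""),
    ("POST", "203.0.113.10",      "/gate.php",        b"\x8a\x91\xf3\x00"),
    ("POST", "shop.example",      "/index.php",       b"user=alice&pw=x"),
    ("GET",  "www.example",       "/gate.php",        b""),
]

_DOTTED_QUAD = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def is_dotted_quad(host):
    """True when the Host header is a bare IPv4 literal (optional port stripped)."""
    host = host.split(":", 1)[0]
    if not _DOTTED_QUAD.match(host):
        return False
    try:
        ip_address(host)          # rejects octets above 255, e.g. 999.1.1.1
    except ValueError:
        return False
    return True


def has_extended_ascii(body):
    """True when any body byte lies outside 7-bit ASCII (0x80-0xFF)."""
    return any(b > 0x7F for b in body)


def classify(method, host, path, body):
    """Names of the heuristics that fire for one request; empty list if none."""
    hits = []
    clean_path = path.split("?", 1)[0].lower()   # ignore the query string
    dotted = is_dotted_quad(host)
    if dotted and clean_path.endswith("/gate.php"):
        hits.append("gate.php request to dotted-quad host")
    if dotted and clean_path.endswith(".bin"):
        hits.append(".bin download from dotted-quad host")
    if method == "POST" and clean_path.endswith(".php") and has_extended_ascii(body):
        hits.append("POST to .php with extended ASCII body")
    return hits


def triage(requests):
    """Return only the requests that fired, with the heuristic names attached."""
    flagged = []
    for method, host, path, body in requests:
        hits = classify(method, host, path, body)
        if hits:
            flagged.append((host, path, hits))
    return flagged


if __name__ == "__main__":
    for host, path, hits in triage(SAMPLE_REQUESTS):
        print(f"{host}{path}: {', '.join(hits)}")
```

Run against the constructed sample, three of the five requests fire; the POST to a dotted-quad gate.php with a non-ASCII body trips two heuristics at once, which is the kind of overlap to expect when several "Generic" signatures fire on one session. Treat any hit as a triage lead, not a verdict: legitimate update clients do occasionally fetch from bare IP addresses.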

ET MALWARE Generic Spambot (often Tibs) Post-Infection Checkin (justcount.net likely)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Trojan Checkin (UA VBTagEdit)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Trojan with /? and Indy Library User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Win32.Autorun HTTP Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Genome User-Agent (Http Down)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Geocon CnC Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Georbot checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Georbot initial checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Georbot requesting update

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Georgian Targeted Attack - Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GET to Google with specific HTTP lib likely Cycbot/Bifrose/Kryptic checking Internet connection

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GhostWriter APT Related Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gimemo Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GlitchPOS CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Glupteba CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Go/Anubis CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoBrut/StealthWorker Requesting Brute Force List (flowbit set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoBrut/StealthWorker Service Bruter CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoBrut/StealthWorker Service Bruter CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Godlua Backdoor Downloading Encrypted Lua

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Go/Hack Browser Data Exfil Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoLang Discord Token Grabber Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoldenSpy CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gootkit Checkin User-Agent 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Go/PSW.Agent_AGen.A Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GORGON APT Download Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GORGON APT Download Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gozi/BlackNet Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gozi check-in / update

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gozi Communication 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gozi/Ursnif/Papras Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gozi/Ursnif/Papras Grabftp Module Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Grandoreiro CnC Activity (vbs)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Grandoreiro Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GreenDou Downloader User-Agent (hello crazyk)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gulpix/PlugX Client Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE H1N1 Loader CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE H1N1 Loader CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE HabitsRAT Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE hacker87 checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hacking Team Android Implant Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hacking Team Elite Windows Implant Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hacking Team Implant Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hacking Team Scout Windows Implant Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HackTool.Linux.SSHBRUTE.A Haiduc Initial Compromise C2 POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hades APT Downloader Attempting to Retrieve Stage 2 Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hangover Campaign Keylogger 2 checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hangover Campaign Keylogger Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hangover related campaign Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hangover related campaign Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Harvester Group Downloader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Havex RAT CnC Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Havex RAT CnC Server Response HTML Tag

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HAWKBALL CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HAWKBALL CnC Initial Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HAWKBALL CnC Sending System Information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Haxdoor Reporting User Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Haxdoor Reporting User Activity 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HB_Banker16 Get

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HiddenTears Ransomware Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Higaisa CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Higaisa CnC (ipconfig)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Higasia CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HighTide trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hiloti loader installed successfully request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hiloti loader requesting payload URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hiloti/Mufanom Downloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hitpop.AG/Pophot.az HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hoax.Win32.BadJoke/DownLoader1.57593 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HompesA Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTA.BabyShark Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTA.BabyShark HTTP Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTML/Xbash Hex Encoded PowerShell Args Inbound - Stage 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTML/Xbash Hex Encoded PS WebClient Object Inbound - Stage 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTML/Xbash Hex Encoded WScript.Shell Inbound - Stage 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTP Andromeda File Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTP Connection To Known Sinkhole Domain sinkdns.org

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTPCore CnC Tasking File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTPCore CnC Task Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTPCore CnC Task Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTP Request for Possible ELF/LiLocked Ransomware Note

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE HTTP Request to a *.pw domain with direct request/fake browser (multiple families flowbit set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTP Request to a *.su domain with direct request/fakebrowser (multiple families flowbit set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTPTool User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hupigon.DF Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hupigon URL Infection Checkin Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hupigon User Agent Detected (??)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hupigon User Agent Detected (RAV1.23)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hupigon User Agent Detected (VIP2007)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HYDSEVEN VBS CnC Host Information Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IcedID CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IcedID CnC Domain in SSL/TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE IcedID/Emotet Certificate Observed M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IcedID Observed Domain (loadfreeman .casa in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IcedID WebSocket Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ICEFOG JAVAFOG JAR checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ICEFOG-P Variant CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ICEFOG-P Variant CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IceRat Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IceRat CnC Acitivty M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE iebar Spyware User Agent (iebar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IIStealer Inbound Exfil Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IIStealer Inbound Exfil Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Illusion Bot (Lussilon) Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IMDDOS Botnet User-Agent IAMDDOS

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IMDDOS Botnet User-Agent kav

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IMDDOS Botnet User-Agent STORMDDOS

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IMDDOS Botnet User-Agent YTDDOS

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inbound JasperLoader Using Array Push Obfuscation

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inbound MonetizeUs/LNKR Struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inbound PowerShell Executing Base64 Decoded VBE from Temp 2018-11-29

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inbound PowerShell Saving Base64 Decoded Payload to Temp M1 2018-11-29

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inbound PowerShell Saving Base64 Decoded Payload to Temp M2 2018-11-29

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inception APT malware

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Incorrectly formatted User-Agent string (dashes instead of semicolons) Likely Hostile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IndigoZebra APT BoxCaon DropBox Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IndigoZebra APT xCaon/Textpadx Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE indux.php check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE InfoBot Sending LAN Details

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE InfoBot Sending Machine Details

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Bancos ProxyChanger Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Banprox Proxy.pac Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Jackpos Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Jackpos Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Mysayad Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Mysayad Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Instagram Like Bot (like4u) CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Instagram Like Bot (like4u) CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Internet Protection FakeAV checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IOS.Oneclickfraud HTTP Host

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IP Grabber CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IrcBot Downloading .old

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IrcBot Fantasy Name Gen

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ironhalo CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Iron/Maktub Locker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ISMAgent CnC Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ISRStealer Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IsSpace/Zacom Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ixeshe/Mecklow Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ixeshe/Mecklow Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IXWARE Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JackPOS XOR Encoded HTTP Client Body (key AA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jadtree Downloader rar

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jaff Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Jaff Ransomware Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE JAR/Qealler Stealer HTTP Headers Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jasmin Ransomware C2 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE JasperLoader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jasper URI Path Observed M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jasper URI Path Observed M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jasper URI Path Observed M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jasper URI Path Observed M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Java Archive sent when remote host claims to send an image

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Java Download non Jar file

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Java/QRat Retrieving PE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JavaScriptBackdoor HTTP GET CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Javascript Click and Removal of Download Element

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Javascript Displays malicious download page

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JAWS Webserver Unauthenticated Shell Command Execution

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jembot PHP Webshell (file upload)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jembot PHP Webshell (system command)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE jFect HTTP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Joanap CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jorik FakeAV GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Agent.NZH CnC Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/HTA Downloader Behavior M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS.InfectedMikrotik Injects Domain Observed in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod.M.gen requesting EXE payload 2015-10-07

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod.M.gen requesting EXE payload 2015-11-02

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod.M.gen requesting PDF payload 2015-10-07

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod.M.gen requesting PDF payload 2015-11-02

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod requesting EXE payload 2015-12-01

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod requesting EXE payload 2016-01-28

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod requesting EXE payload 2016-02-06

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod requesting EXE payload 2016-03-31

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Ostap CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Ostap Maldoc Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JsOutProx CnC Activity - Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JsOutProx CnC Activity - Outbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JsOutProx Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/RAA Ransomware check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE JS/Skimmer Inbound (Likely MageCart) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS Sniffer Framework Sending to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Spy.Agent.AW Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/TrojanDownloader.Agent.TXV CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Unk Downloader 0 Byte POST CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/WSF Downloader Dec 08 2016 M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/WSF Downloader Dec 08 2016 M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/WSF Downloader Dec 08 2016 M6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/WSF Downloader Dec 08 2016 M7

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JunkMiner Downloader Communicating with CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jupyter Stealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jupyter Stealer Reporting System Information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jupyter Stealer Reporting System Information M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kaseya VSA Exploit Activity M1 (SET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kaseya VSA Exploit Activity M2 (SET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kazy Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kazy/Kryptor/Cycbot Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kazy/Kryptor/Cycbot Trojan Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kelihos/Hlux GET jucheck.exe from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kelihos.K Executable Download DGA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyBase Keylogger Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyBase Keylogger HTTP Pattern

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyBase Keylogger Uploading Screenshots

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It fires when the KeyBase keylogger uploads captured screenshots to its operator. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Assume that everything typed on or displayed by the host since the infection began has been captured, including credentials for other systems and web applications; rotate those as well as the user’s own password. If necessary, rebuild the host from a known, good source.

ET MALWARE KeyloggerOnline Keylogger Checkin (go https)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyloggerOnline Keylogger Checkin (kill)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyloggerOnline Keylogger Checkin (sleep)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyLogger related to FindPOS CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It fires on the command-and-control beacon of a keylogger associated with FindPOS, a family that targets point-of-sale systems and scrapes payment card data from memory. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If the host is a point-of-sale terminal or otherwise handles payment cards, treat card data processed on it since the infection as potentially exposed and follow your card-data incident process. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE KimJongRAT cnc exe pull

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky APT Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky APT Related Host Data Exfil M4

Description

Recommendation

ET MALWARE Kimsuky APT Related Host Data Exfil M5

Description

Recommendation

ET MALWARE Kimsuky CSPY Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky KGH Backdoor CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky KGH Backdoor CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky KGH Backdoor Secondary Payload Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky KGH Malware Suite Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky KGH Malware Suite Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Maldoc Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Operation Blue Estimate CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity (down)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity (init)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity (ping)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity Sending Windows Information (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It fires on an HTTP POST in which Kimsuky-related malware sends Windows host details (system and user information gathered after initial execution) to its operator, which normally happens shortly after a user opens the lure that delivered it. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. The POST confirms the malware ran and reached its server, so look for the delivery vector (a document or script opened shortly before the alert) and for any follow-on download from the same host. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Host Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Host Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Host Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Host Data Exfil M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Maldoc Activity (HEAD)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Maldoc Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Maldoc Retrieving Template (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It fires when a Kimsuky-related document fetches a remote template over HTTP after being opened; the document itself is a lure, and the template it pulls carries the malicious content. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Identify the document and the message or download it arrived in, confirm whether the template was actually delivered (a successful response rather than a blocked request), and check other recipients of the same lure. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Script Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky WildCommand CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KINS/ZeusVM Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE KINS/ZeusVM Variant Retrieving Config

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kishop.A checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KLog Nick Keylogger Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Knockbot Proxy Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Knock.php Shiz or Rohimafo CnC Server Contact URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Malicious Doc Downloading Payload Dec 06 2016

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Malicious Expires Header Seen In Malicious JavaScript Downloader Campaign

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches the HTTP response returned by a known sinkhole server: the internal host contacted a command-and-control domain that has since been seized and pointed at a sinkhole, so the malware on the host is still calling home even though its original operator no longer controls the domain. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. A sinkhole response means the infection predates the domain takedown, so treat the source host as compromised even though the current destination is harmless. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches the HTTP response returned by a known sinkhole server: the internal host contacted a command-and-control domain that has since been seized and pointed at a sinkhole, so the malware on the host is still calling home even though its original operator no longer controls the domain. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. A sinkhole response means the infection predates the domain takedown, so treat the source host as compromised even though the current destination is harmless. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches the HTTP response returned by a known sinkhole server: the internal host contacted a command-and-control domain that has since been seized and pointed at a sinkhole, so the malware on the host is still calling home even though its original operator no longer controls the domain. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. A sinkhole response means the infection predates the domain takedown, so treat the source host as compromised even though the current destination is harmless. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches the HTTP response returned by a known sinkhole server: the internal host contacted a command-and-control domain that has since been seized and pointed at a sinkhole, so the malware on the host is still calling home even though its original operator no longer controls the domain. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. A sinkhole response means the infection predates the domain takedown, so treat the source host as compromised even though the current destination is harmless. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header CERT.PL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches the response header used by the sinkhole operated by CERT Polska (CERT.PL): the internal host contacted a command-and-control domain that has been taken over and redirected to that sinkhole, so the malware on the host is still calling home to infrastructure its operator no longer controls. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. The sinkhole response confirms the host was infected before the takedown, so treat it as compromised even though the destination is now benign. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header INetSim

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches the response banner of INetSim, a network-service simulator used in malware analysis labs to answer a sample’s command-and-control requests. A response carrying that banner normally means the traffic came from an analysis sandbox or a researcher’s VM; on a production segment it points either at a lab whose traffic is not isolated or at a host whose DNS resolves malware domains to a local simulator. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Confirm whether the source host is a known analysis system. If it is, tune the alert for that segment and check why its traffic reached the monitored network; if it is not, treat the host as running malware that is trying to reach a command-and-control server. If necessary, rebuild the host from a known, good source and have the user change their password.
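The two sinkhole entries above (the CERT.PL sinkhole and the INetSim simulator) share one triage question: did the response come from a live command-and-control server, a takedown sinkhole, or an analysis lab? The following added example, which is not Rapid7’s or Emerging Threats’ code and does not reproduce the rule content, parses a raw HTTP response and classifies it. The marker strings are assumptions: INetSim’s default HTTP banner is taken to be "INetSim HTTP Server", and sinkhole operators are assumed to announce themselves in a Server or X-Sinkhole header. The sample responses are constructed for the example.

```python
import re

# Marker table: (header name, pattern, verdict). These are assumptions about
# typical sinkhole and simulator banners, not the signatures' actual content.
SINKHOLE_MARKERS = [
    ("server", re.compile(r"inetsim", re.I), "lab-simulator"),   # assumed INetSim default banner
    ("x-sinkhole", re.compile(r".+"), "sinkhole"),               # any X-Sinkhole header at all
    ("server", re.compile(r"sinkhole", re.I), "sinkhole"),       # operator naming itself in Server
]


def parse_http_response_headers(raw):
    """Return (status_line, {lowercase header name: value}) from a raw response.

    Only the head of the response is decoded; the body is ignored because the
    verdict depends on headers alone, which is also why these alerts fire
    before any payload is inspected.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status, headers = lines[0], {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return status, headers


def classify_response(raw):
    """Return 'sinkhole', 'lab-simulator', or None (no known marker)."""
    _, headers = parse_http_response_headers(raw)
    for name, pattern, verdict in SINKHOLE_MARKERS:
        value = headers.get(name)
        if value is not None and pattern.search(value):
            return verdict
    return None


# Constructed sample responses (not captured traffic).
INETSIM_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: INetSim HTTP Server\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>fake page</body></html>"
)
SINKHOLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"X-Sinkhole: malware\r\n"
    b"\r\n"
)
LIVE_RESPONSE = b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("inetsim", INETSIM_RESPONSE), ("sinkhole", SINKHOLE_RESPONSE), ("live", LIVE_RESPONSE)):
        print(label, "->", classify_response(raw))
```

A "sinkhole" verdict means the host is still beaconing to a domain the malware was built with, so the infection predates the takedown and the host still needs to be rebuilt. A "lab-simulator" verdict on a production segment usually identifies an analysis VM whose traffic is not isolated; the fix there is network containment of the lab, not the host rebuild the generic recommendation describes.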

ET MALWARE Known Skunkx DDOS Bot User-Agent Cyberdog

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Konni RAT Exfiltrating Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Konni RAT Querying CnC for Commands

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Konni Related Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Konni Stage 2 Payload Exfiltrating Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Koobface C&C availability check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Koobface Checkin via POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Koobface HTTP Request (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Koobface Trojan HTTP Post Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kovter Ransomware Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It fires on the Kovter ransomware check-in to its command-and-control server, which typically precedes or accompanies encryption of the victim’s files. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Isolate the host from the network first to stop encryption from continuing and to keep it away from file shares, and preserve the affected files and any ransom note for the investigation before wiping anything. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Kpang.com Related Trojan User-Agent (alertup)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KPOT Stealer Initial CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KPOT Stealer Initial CnC Activity M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kraken Ransomware End Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It fires on the network activity Kraken ransomware performs when it finishes its run, so by the time this alert appears the host’s files have most likely already been encrypted. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Isolate the host from the network to keep it away from file shares and backups, preserve the encrypted files and any ransom note for the investigation, and check other hosts for the Kraken start-activity alert. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Kraken Ransomware Start Activity 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It fires on the network activity Kraken ransomware performs when it starts, which is the earliest point at which the encryption can still be interrupted. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Isolate the host from the network immediately to stop encryption and keep it away from file shares and backups, then preserve the affected files and any ransom note for the investigation. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
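Several entries in this section carry an ATT&CK technique (T1041 for the FindPOS, KINS/ZeusVM and LankerBoy beacons, T1486 for the Kovter and Kraken ransomware alerts) while most carry none, and the recommendation is the same for all of them. The following added example, which is not Rapid7’s code and does not describe the Insight Network Sensor’s export format, shows how a responder can use those mappings to rank hosts when many of these alerts arrive at once. It assumes Suricata-style EVE JSON alert records (one JSON object per line with event_type, src_ip, timestamp and alert.signature); the sample lines are constructed, the signature-to-technique table is copied from the entries on this page, and the numeric weights are an editorial choice rather than a Rapid7 severity scale.

```python
import json
from collections import defaultdict

# Signature names (without the "ET MALWARE " prefix) mapped to the ATT&CK
# technique this catalog lists for them. Only entries on this page are included.
TECHNIQUE_BY_SIGNATURE = {
    "KeyLogger related to FindPOS CnC Beacon": "T1041",
    "KINS/ZeusVM Variant CnC Beacon": "T1041",
    "LankerBoy HTTP CnC Beacon": "T1041",
    "Kovter Ransomware Check-in": "T1486",
    "Kraken Ransomware End Activity": "T1486",
    "Kraken Ransomware Start Activity 1": "T1486",
}

# Triage weights (editorial choice): impact outranks exfiltration, which
# outranks an untagged check-in. None is the key for unmapped signatures.
WEIGHT = {"T1486": 100, "T1041": 50, None: 10}


def parse_eve_alerts(lines):
    """Yield (src_ip, signature, timestamp, http hostname) for alert records.

    Non-alert records (flows, DNS, ...) and blank lines are skipped.
    """
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        hostname = rec.get("http", {}).get("hostname")
        yield rec["src_ip"], rec["alert"]["signature"], rec["timestamp"], hostname


def technique_for(signature):
    """Look up the ATT&CK technique for an ET signature, or None if untagged."""
    parts = signature.split(" ", 2)
    name = parts[2] if len(parts) == 3 and parts[0] == "ET" else signature
    return TECHNIQUE_BY_SIGNATURE.get(name)


def triage(lines):
    """Roll alerts up per source host and order hosts by the worst technique seen.

    Returns a list of (src_ip, summary) pairs, highest priority first. The
    summary collects every signature, technique and contacted hostname so the
    responder sees the whole picture for a host rather than one alert.
    """
    per_host = defaultdict(lambda: {"score": 0, "techniques": set(), "signatures": set(), "servers": set()})
    for src, sig, _ts, hostname in parse_eve_alerts(lines):
        tech = technique_for(sig)
        entry = per_host[src]
        entry["score"] = max(entry["score"], WEIGHT[tech])
        if tech:
            entry["techniques"].add(tech)
        entry["signatures"].add(sig)
        if hostname:
            entry["servers"].add(hostname)
    return sorted(per_host.items(), key=lambda kv: -kv[1]["score"])


# Constructed EVE JSON records (documentation IP ranges, reserved .invalid names).
SAMPLE_EVE = """
{"timestamp":"2024-03-01T10:00:00Z","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.9","alert":{"signature":"ET MALWARE Kronos Checkin"},"http":{"hostname":"panel.example.invalid"}}
{"timestamp":"2024-03-01T10:00:02Z","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.9"}
{"timestamp":"2024-03-01T10:01:00Z","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"198.51.100.4","alert":{"signature":"ET MALWARE Kraken Ransomware Start Activity 1"},"http":{"hostname":"c2.example.invalid"}}
{"timestamp":"2024-03-01T10:02:00Z","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"198.51.100.8","alert":{"signature":"ET MALWARE KINS/ZeusVM Variant CnC Beacon"}}
"""

if __name__ == "__main__":
    for src_ip, summary in triage(SAMPLE_EVE.splitlines()):
        print(src_ip, summary["score"], sorted(summary["techniques"]), sorted(summary["signatures"]))
```

The ordering puts the Kraken host first because encryption is in progress and isolation is time-critical, the ZeusVM host second because data is leaving, and the Kronos check-in last; all three still end up rebuilt, but the queue order is what the flat recommendation text does not give you.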

ET MALWARE Kriptovor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kriptovor External IP Lookup checkip.dyndns.org

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It fires when a host queries checkip.dyndns.org, the public external-IP service Kriptovor uses to learn the victim’s public address. The same service is used by legitimate software and by users, so on its own this alert is a weak indicator. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Corroborate it with the Kriptovor Checkin or Retrieving RAR Payload alerts from the same source host before acting on it; the lookup by itself does not establish an infection. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kriptovor Retrieving RAR Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
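The three Kriptovor entries above form a sequence: the external-IP lookup is a weak precursor that many benign programs also trigger, while the check-in and the RAR payload download are the strong signals. The following added example, which is not Rapid7’s code and does not describe the Insight Network Sensor’s own correlation features, pairs a precursor alert with a follow-on alert from the same source host inside a short window. The signature names are taken from this page; the five-minute window and the (timestamp, src_ip, signature) input shape are assumptions, and the sample alerts are constructed.

```python
from datetime import datetime, timedelta

# Signature names as they appear in this catalog.
PRECURSOR = "ET MALWARE Kriptovor External IP Lookup checkip.dyndns.org"
FOLLOW_ON = {
    "ET MALWARE Kriptovor Checkin",
    "ET MALWARE Kriptovor Retrieving RAR Payload",
}
# Editorial choice: a lookup is only interesting if a strong alert follows soon after.
WINDOW = timedelta(minutes=5)
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def _parse_ts(text):
    return datetime.strptime(text, TS_FORMAT)


def correlate(alerts):
    """Pair each precursor with the first follow-on from the same host within WINDOW.

    alerts: iterable of (timestamp string, src_ip, signature), in any order.
    Returns a list of (src_ip, precursor timestamp, follow-on signature) for
    every precursor that was confirmed. A precursor with no follow-on (benign
    software doing an IP lookup) and a follow-on that arrives too late are
    both left out, so the caller only sees corroborated sequences.
    """
    events = sorted(((_parse_ts(ts), ip, sig) for ts, ip, sig in alerts), key=lambda e: e[0])
    pending = {}  # src_ip -> time of the most recent unconfirmed precursor
    hits = []
    for when, ip, sig in events:
        if sig == PRECURSOR:
            pending[ip] = when
        elif sig in FOLLOW_ON and ip in pending and when - pending[ip] <= WINDOW:
            hits.append((ip, pending[ip].strftime(TS_FORMAT), sig))
            del pending[ip]
    return hits


# Constructed alert stream (not captured data): one confirmed sequence, one
# lookup with no follow-on, and one follow-on that arrives outside the window.
SAMPLE_ALERTS = [
    ("2024-03-01T09:00:00Z", "10.0.0.5", PRECURSOR),
    ("2024-03-01T09:00:40Z", "10.0.0.5", "ET MALWARE Kriptovor Checkin"),
    ("2024-03-01T09:10:00Z", "10.0.0.6", PRECURSOR),
    ("2024-03-01T09:30:00Z", "10.0.0.7", PRECURSOR),
    ("2024-03-01T09:45:00Z", "10.0.0.7", "ET MALWARE Kriptovor Checkin"),
]

if __name__ == "__main__":
    for ip, started, confirmed_by in correlate(SAMPLE_ALERTS):
        print(f"{ip}: lookup at {started} confirmed by {confirmed_by}")
```

The late check-in from 10.0.0.7 is deliberately dropped by the window rather than reported: it is still a real Kriptovor alert and should be handled on its own, but it no longer needs the lookup to justify it, and pairing it with a lookup fifteen minutes earlier would only obscure the timeline.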

ET MALWARE Kronos Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kronos Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kronos Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kryptik Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kuluoz Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kuluoz/Asprox Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE L0rdix Stealer CnC Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE L0rdix Stealer CnC Sending Screenshot

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LAME SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lampion CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LankerBoy HTTP CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Lazarus APT Related Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lazarus Downloader (JEUSD) CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Lazarus Maldoc CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lazarus Related Maldoc Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LeChiffre Ransomware CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Legion Loader Activity Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (Amen)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (carlos_castaneda)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (heil_moloch)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (heil_satan)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (legion)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (lilith)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (Mylegion666)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (neva-project)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (salmonella-symptome)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (satan)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (suspira)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (the devil)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (YourUserAgent)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Linux Shell Script CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Powershell CnC Activity M14

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Powershell CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Powershell CnC Checkin M6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Powershell - Install Tracking

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Powershell - RDP Credential Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Arid Viper APT Advtravel Campaign GET Keepalive

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Arid Viper APT Advtravel Campaign POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely CryptoWall .onion Proxy domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Evil Macro EXE DL mar 15 2016

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Evil Macro EXE DL mar 28 2016

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Evil Request for uac.exe With Minimal Headers

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Fake Antivirus Download InternetAntivirusPro.exe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Likely Geodo/Emotet CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Likely Geodo/Emotet Downloading PE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Geodo/Emotet Downloading PE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Geodo/Emotet Downloading PE - Fake UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Infected HTTP POST to PHP with User-Agent of HTTP Client

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Koobface Beaconing (getexe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely PadCrypt Locker PKG DL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likseput.B Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Limitless Logger RAT HTTP Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linkup Ransomware check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux DarkRadiation Ransomware Activity Attack Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Linux DarkRadiation Ransomware Activity (curl)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Linux DarkRadiation Ransomware Activity (wget)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Linux DarkRadiation Ransomware Telegram Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Linux/Lady CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux/Lady CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux/LuaBot CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux/MayhemBruter Inbound Ping From CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Moose HTTP CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux/Moose HTTP CnC Beacon Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux.Mumblehard Command Status CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux.Mumblehard Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux.Ngioweb Stage 1 CnC Activity Client Request (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/SSHDoor.A Reporting Backdoor CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux/Torte Downloading Binary

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Tsunami Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Tsunami Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Tsunami Remote Shell M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Tsunami Remote Shell M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LNK/Agent.GX CnC Traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LockPOS CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky CnC Checkin Dec 5 M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky CnC Checkin HTTP Pattern

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky CnC checkin Nov 21

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky CnC checkin Nov 21 M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky Intermediate Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LogPOS Sending Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Cryptocurrency Wallet Exfiltration Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Fake 404 Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot File Exfiltration Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Keylogger Data Exfiltration Detected M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Keylogger Data Exfiltration Detected M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Request for C2 Commands Detected M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Request for C2 Commands Detected M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Screenshot Exfiltration Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Loki Locker Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Loki Locker Ransomware Server Response (Public Key) M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Loki Locker Ransomware Server Response (Public Key) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Loki Locker Ransomware User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LolliCrypt Ransomware Sending Data to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE lolzilla JS/PHP WebSkimmer - Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lop_com or variant Checkin (9kgen_up)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lop.gfr/Swizzor HTTP Update/Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lop.gfr/Swizzor HTTP Update/Checkin (usually host-domain-lookup.com related)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lost Door Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE lu0bot Loader HTTP Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE lu0bot Loader HTTP Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE lu0bot Loader HTTP Request M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE lu0bot Loader HTTP Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LuckyCat/TROJ_WIMMIE Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lucky Ransomware Reporting Successful File Encryption

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Luder.B User-Agent (Mozilla/4.0 (SPGK)) - GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LumOffice Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lunar Builder CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lunar Builder Exfil Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lunar Builder Exfil Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lunar Builder Exfil via Discord M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lunar Builder Exfil via Discord M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lurk Click fraud Template Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lurk Downloader Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lyceum Backdoor CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lyceum Backdoor CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lyceum Backdoor CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LYCEUM MSIL/DanBot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lyposit Ransomware Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Lyposit Ransomware Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mac Flashback Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mac Flashback Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MacOS/UpdateAgent.A CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MacOS/UpdateAgent.A CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mac Trojan HTTP Checkin (accept-language violation)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mac User-Agent Typo INBOUND Likely Hostile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MageCart CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MageCart CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MageCart Exfil URI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MageCart JS Retrieval

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Magecart/Skimmer - AngryBeaver Exfil Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Magecart/Skimmer - _try_action Exfil Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MAGICHOUND.FETCH CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE MAGICHOUND.FETCH Retrieving Malicious PowerShell

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MAGICHOUND.RETRIEVER CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Magician/M461c14n Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MagikPOS CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE MagikPOS Downloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MagikPOS Downloader Retrieving Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Magniber Ransomware Retrieving Instructions

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Activity Sending Windows User Info (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Activity Sending Windows User Info (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Activity (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Checkin Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Checkin Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Downloading from Dropbox via API

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Exfil (2019-12-12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc OneDrive Download Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Request for Payload (TA505 Related)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Requesting Payload 2020-04-21

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Retrieving Additional Resources (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Retrieving Binary (Likely Trickbot)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Retrieving Payload 2021-06-15

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Retrieving Payload 2021-07-06

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Retrieving Payload March 30 2017

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Retrieving Payload May 23 2017 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Retrieving Possible Ostap Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Retrieving Remote Template (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Second Stage VBS Downloader with URL Padding

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Sending Windows System Information (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Chrome Extension Requesting Websocket

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Cobalt Strike SSL Cert (asurecloud .tech)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Cobalt Strike SSL Certificate (cloudflace-network .digital)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Downloader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Dropper Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious JS.Nemucod to PS Dropping PE Nov 14 M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious lnk Downloader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Mega Chrome Extension Exfil Domain (www .megaopac .host in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Second Stage Payload Inbound 2021-02-19

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious SSL Certificate detected (Cobalt Strike CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL certificate detected (FindPOS)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL certificate detected (OSX/Keydnap CnC)

Description

Recommendation

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Certificate detected (Patchwork CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL certificate detected (Possible Sinkhole)

Description

Recommendation

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Certificate detected (PyXie)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Cert (Magecart)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious VBE Script (COVID-19 Phish 2020-04-03)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious VBS Downloader fake image zip

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious XLS DDE rar Drop Attempt (.live)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious XLS DDE rar Drop Fake 404 Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mal/Ransom-CE Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MASSLOGGER Client Data Exfil (POST) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MassLogger Client Exfil (POST) M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Matanbuchus Loader CnC M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Matanbuchus Loader CnC M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Matanbuchus Loader CnC M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Matanbuchus Loader CnC M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Matanbuchus Loader Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Matiex Keylogger Exfil Via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Matryoshka CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Matsnu Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maze/ID Ransomware Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mazilla Suspicious User-Agent Jan 15 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Medfos Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Medfos/Midhos Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MedusaHTTP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MedusaHTTP Variant CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MedusaHTTP Variant CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Megalodon/Gomorrah/CosaNostra HTTP Bot CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MegalodonHTTP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MegalodonHTTP CoinMiner Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE MegalodonHTTP/LuciferHTTP Client Action

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Megumin v2 Stealer User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mekotio HTTP Method (111SA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mera Keylogger POSTing keystrokes

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Meredrop/Nusump Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mermaid Ransomware Variant CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mermaid Ransomware Variant CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mermaid Ransomware Variant CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mermaid Ransomware Variant CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mespinoza Ransomware - Pre-Encryption File Exfil to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE METALJACK APT32 CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mevade Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA CnC Domain Observed in SNI (samwinchester .club)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA HTTP Failover CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA HTTP Failover Reporting Infected System Information and RAT Version

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA HTTP Failover Response M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA HTTP Failover Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA Screenshot Upload M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA Screenshot Upload M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA Sending JPG Screenshot to CnC with .his Extension

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Midhos/Medfos downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MilkyBoy CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MilkyBoy CnC Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MINEBRIDGE CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MINEBRIDGE CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MINEBRIDGE CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MINEBRIDGE CnC Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MINEBRIDGE CnC Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MINEBRIDGE/MINEDOOR CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Miniduke Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Miniduke variant C&C activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Miniduke Variant CnC Beacon via WebDAV

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Minirem

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirage Campaign checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast KiXtart Downloader Client Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast KiXtart Downloader Client Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast KiXtart Downloader Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Miuref/Boaxxe Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ModPipe CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Moist Stealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MoneroPay Ransomware Payment Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Monsoon Tinytyphon CnC Beacon Exfiltrating Docs

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Monsoon Tinytyphon CnC Beacon GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE MontysThree HTTPTransport Module Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Moose CnC Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MosesStaff APT Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MRCR1 Ransomware Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MRCR1 Ransomware Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MS_D0wnl0ad3r Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MS_D0wnl0ad3r Screenshot Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.ATS CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.BIC Variant CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.DNL CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.DNL Server Response Task (whoami)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.TRM Checkin Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.TRM Data Exfil (sysinfo)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.TRM Task Command

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Alcatrez Locker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Almashreq CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Almashreq Executing New Processes

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL APT28 Zebrocy/Zekapab Reporting to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL APT28 Zebrocy/Zekapab Reporting to CnC M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Autorun.AD Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Azula Logger CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL.BackNet Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/BlackGuard Stealer Exfil Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/BlackGuard Stealer Variant Exfil via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Bobik CnC Traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/CoalaBot CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/CoderVir Stealer Zip Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/CoinMiner Performing System Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE MSIL/Document Stealer Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/EasyLocker Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Eredel Stealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/G1 Stealer/GravityRAT Requesting Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/G1 Stealer/GravityRAT Uploading File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/G2 Stealer/GravityRAT CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/GenKryptik.FQRH Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/GravityRAT CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/GX Stealer/GravityRAT Uploading File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/HadesLocker Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Heracles Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Hidden-Tear Variant Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Injector.VVP Downloader Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Juliens Botnet CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Karmen Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/KeyRedirEx Banker Receiving Exit Instruction

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/KeyRedirEx Banker Receiving Redirect/Inject List

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/KeyRedirEx Banker Requesting Redirect/Inject List

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Khonsri Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL.Kraken.v2 HTTP Pattern

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL.L4L Stealer IP Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL.L4L Stealer Screenshot Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL.L4L Stealer Systeminfo Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Lordix Stealer Exfiltrating Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Matrix Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Matrix Ransomware Sending Encrypted Filelist

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Monitor.PCTattletale.A Checkin (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/n2019cov (COVID-19) Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/NewHT Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/NoCry Ransomware Checkin Via Discord

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/NR42 Bot Parsing Config From Webpage

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/PSW.Agent.QJK Stealer Data Exfil Via HTTP

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Runsome Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/SamMiner CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/SamMiner CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/SkidRat CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/SkidRat CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/SkidRat CnC Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/SkidRat User-Agent Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Small.FU Variant CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Small.FU Variant CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Small.FU Variant CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Spy.Banker.DH Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Spy.Keylogger.ENJ Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/TrojanDownloader.Agent.JVN CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/TrojanDownloader.Agent.KUO CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/TrojanDownloader.Agent.KUO CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/TrojanDownloader.Small.CLJ CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Unk.HT-Based Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL.Zapchast Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MS Office Macro Dridex Download URI Jan 7 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSUpdater alt checkin to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSUpdater Connectivity Check to Google

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSUpdater POST checkin to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater APT Related Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater APT Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater APT Related Maldoc Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater APT Related Telegram Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload - CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload Registering with CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload Requesting Command from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload Sending Command Output to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload Sending Screenshot to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Murlo Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MUROFET/Licat Trojan

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mustang Panda/RedDelta Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mustang Panda/RedDelta Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mutter Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MWI Maldoc Load Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MWI Maldoc Posting Host Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MWI Maldoc Stats Callout Aug 18 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MWI Maldoc Stats Callout Oct 28

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MyKings Bootloader Variant Requesting Payload M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MyKings Bootloader Variant Requesting Payload M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MyKings Bootloader Variant Requesting Payload M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MZRevenge Ransomware CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Naoinstalad Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nbar.co.kr Related Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nebuler/Dialer.qn HTTP Request - Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nemty Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Nemty Ransomware Payment Page ID File Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Nemucod Downloading Payload 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nemucod JS Downloader Aug 01 2017

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nemucod JS Downloader June 12 2017

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NetBackdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NetBackdoor User-Agent (.net backdoor)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Netbounce Program Wrapper Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Netbounce Proxy Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Netbounce Proxy User-Agent (idk)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Netbounce Related Activity (Program Wrapper)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Netbounce User-Agent (Netbounce)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Neverquest Request URI Struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Neverquest/Vawtrak Posting Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NEWPASS CnC Client Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NewPosThings Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NewPosThings Data Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NewPosThings POST with Fake UA and Accept Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nexus Stealer CnC Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NightfallGT Discord Nitro Ransomware

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE NightfallGT Discord Token Grabber

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NightfallGT Mercurial Grabber

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nitlove POS CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nitro Stealer Exfil Activity (Response)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NOBELIUM - Cobalt Strike Malleable Profile M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE NOBELIUM - Cobalt Strike Malleable Profile M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NOBELIUM (TA421) EnvyScout Fingerprint Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NOBELIUM Win32/VaporRage Loader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NORTHSTAR Client CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NORTHSTAR Client Data POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NORTHSTAR Command Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NORTHSTAR Command Sent to Client

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NORTHSTAR Interactive Client CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Novaloader Stage 2 VBS Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NSIS/TrojanDownloader.Agent.NZK CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NSIS/TrojanDownloader.Agent.NZK CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NSO Group Pegasus Related Data Exfil (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NSO Group Pegasus Related Data Exfil (POST) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NSO Group Pegasus Related Data Exfil (POST) M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE nspps Backdoor CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE nspps Backdoor - Sending SOCKS Details

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE nspps Backdoor - Task Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NS SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NuggetPhantom Module Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nuke Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Nymaim.BA CnC M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nymaim.BA CnC M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Obitel Downloader Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AHK Downloader Request Structure

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed APT41 Malicious SSL Cert (ColunmTK Campaign)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed APT/SideWinder CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Awad Bot CnC Domain (hawad .000webhostapp .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AZORult CnC Domain (miscrosoftworrd .000webhostapp .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (bigjamg .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (cntrhum .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (dghns .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (doldig .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (gut45bg .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (moig .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (numklo .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (sh78bug .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (vighik .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Blackrota Domain (blackrato .ga in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BLINDINGCAN Domain (www .automercado .co .cr in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BLINDINGCAN Domain (www .sanlorenzoyacht .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BLINDINGCAN Domain (www .sanlorenzoyacht .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BLUELIGHT Payload Domain (storage .jquery .services in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BOUNCEBEAM Backdoor CnC Domain (cloudflare .5156game .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Buer Loader CnC Domain (kkjjhhdff .site in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Buer Loader Domain (officewestunionbank .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Buran Ransomware UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Buran Ransomware UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Buran Ransomware UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Buran Ransomware UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Buran Ransomware UA (BURAN)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Buran Ransomware UA (GHOST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Card Skimmer CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CDC Ransomware User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Certificate Containing Double Base64 Encoded Executable Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Certificate Containing Possible Base64 Encoded Powershell Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CloudAtlas APT Related Domain (checklicensekey .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Stike CnC Domain (nirsoft .me in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain (charity-wallet .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed CobaltStrike CnC Domain (defendersecyrity .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (defenderupdateav .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed Cobalt Strike CnC Domain (dimentos .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain (gmbfrom .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed Cobalt Strike CnC Domain (gojihu .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (Gojihu .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain in TLS SNI (cs .lg22l .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain (krinsop .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed Cobalt Strike CnC Domain (onlineworkercz .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (sazoya .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Observed Cobalt Strike CnC Domain (security-desk .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (securityupdateav .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed CobaltStrike CnC Domain (stg .pesrado .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (windowsupdatesc .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed Cobalt Strike CnC Domain (www .msfthelpdesk .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (yawero .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Observed Cobalt Strike CnC Domain (yuxicu .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (Yuxicu .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Observed Cobalt Strike Domain (asureupdate .tech in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike Domain in TLS SNI (stackpatc-technologies .digital)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike Loader Domain (cybersecyrity .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike Related Domain (azurestat .app in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike Related Domain (cdnwin .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Observed Cobalt Strike Related Domain (croperdate .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Observed Cobalt Strike Related Domain (kaslose .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Observed Cobalt Strike Related Domain (world .healthamericacu .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike/TEARDROP CnC Domain Domain in TLS SNI (mobilnweb .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobInt CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobInt CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CoinMiner CnC Domain (en24zuggh3ywlj .x .pipedream .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Observed CoinMiner CnC Domain (endpsbn1u6m8f .x .pipedream .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Observed CoinMiner CnC Domain (enoyq5xy70oq .x .pipedream .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Observed Compromised Domain (cryptoarenastore .com in TLS SNI) (2021-11-12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cryptor Ransomware CnC Domain (e3kok4ekzalzapsf .onion .ws in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DangerousPassword APT Related Domain (cop .osonlines .co in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed DangerousPassword APT Related Domain (datacentre .center in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed DangerousPassword APT Related Domain (shopapppro .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed DangerousPassword APT Related Domain (shopapptech .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed DarkSide Ransomware CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DarkSide Ransomware Domain (baroquetees .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DarkSide Ransomware Domain (catsdegree .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DarkSide Ransomware Domain (rumahsia .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DarkSide Ransomware Domain (temisleyes .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DCRat CnC Domain (dud-shotline .000webhostapp .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed DCRat CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed DecryptmyFiles Ransomware User-Agent (uniquesession)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Default CobaltStrike SSL Certificate

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed DonotGroup Maldoc Related Domain (digitalresolve .live in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Domain in TLS SNI (download-serv-234116 .xyz)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Domain in TLS SNI (get-europe-group .bar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Domain in TLS SNI (manholi .xyz)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Domain in TLS SNI (phonefix .bar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Domain (phonefix .bar in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Evil Keitaro TDS Redirection Domain (fiberswatch .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Evrial Domain (cryptoclipper .ru in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Evrial Domain (projectevrial .ru in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed FIN12 Related Cobalt Strike Domain (netrie .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Observed FIN12 Related Domain (hdhuge .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed FIN7 CnC Domain (injuryless .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed FIN7 Related Domain (swordoke .com in TLS SNI)

Description

Recommendation

ET MALWARE Observed FinSpy Domain (browserupdate .download in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Get2 CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Get2 CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GET Request to Jaff Domain (orhangazitur . com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GhostWriter APT Related Cobalt Strike Domain (ao3 .hmgo .pw in TLS SNI)

Description

Recommendation

ET MALWARE Observed Glupteba CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Glupteba CnC Domain (venoxcontrol .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GoBotKR Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GoBotKR Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GoBotKR Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GoBotKR Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GoBotKR Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (c .cloudappconfig .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (c .heheda .tk in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (d .cloudappconfig .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (dd .cloudappconfig .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (dd .heheda .tk in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (d .heheda .tk in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (helegedada .github .io in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GoLang Dropper Domain (en7dftkjiipor .x .pipedream .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed HTTP Request to Known PUA Host Domain

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed HTTP Request to Known PUA Host Domain

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain (nothingtodo .co in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID Domain (80frontluzkher .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID Domain (bruzilovv .top in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID Domain (deactivate .best in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID Domain (deactivate .pw in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID Domain (ldrtoyota .casa in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed JS/Magecart Domain in TLS SNI (manag .icu)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed JS/Skimmer (likely Magecart) Domain in TLS SNI (imprintcenter .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed JSSLoader Domain (deprivationant .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed JSSLoader Variant Domain (legislationient .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Jupyter Stealer CnC Domain (blackl1vesmatter .org in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Jupyter Stealer CnC Domain (gogohid .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Jupyter Stealer CnC Domain (vincentolife .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Karen Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Karen Ransomware Domain (karen .h07 .wlh .io in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Karen Ransomware Powershell Loader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Koadic Header Structure

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Lazarus APT Related Domain (designautocad .org in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Lazarus Maldoc CnC Domain (shopweblive .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Lazarus Related Domain (docs .gsheetpage .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Lazarus Related Domain (share .bloomcloud .org in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Lunar Builder Domain (lunarbuilder .000webhostapp .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart CnC Domain (mcdnn .me in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart CnC Domain (mcdnn .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Domain (webscriptly .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Exfil Domain (imags .pw in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart Group 12 Domain (pathc .space in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart Group 12 Domain (toolser .pw in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart Group 12 Domain (zolo .pw in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (analiticsweb .site in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (cloudflare-cdnjs .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (googie-analitycs .site in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (googie-analytics .online in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (googie-analytics .website in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (googletagsmanager .website in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (static-zdassets .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart/Skimmer - _try_action CnC Domain (cdn-frontend .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Maldoc CnC Domain (cloud-documents .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Maldoc Domain (travelcrimea .info in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious Cobalt Strike SSL Cert (cdnengine .biz)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious Cobalt Strike SSL Cert (setupfastonline .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious Domain Targeting Minority Groups Domain (unohcr .org in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious Domain Targeting Minority Groups (officemodel .org in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious Domain Targeting Minority Groups (tcahf .org in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
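The "… in TLS SNI" signatures above all key on one field: the server_name extension a client sends in its plaintext TLS ClientHello. The following is an added example (not Rapid7 or Emerging Threats code) showing how a sensor pulls that hostname out of a ClientHello and matches it against the defanged domains named in the signature titles. The ClientHello bytes are constructed in the block; the signature names used as labels are copied from this page, and the builder's cipher suite and random are placeholders.

```python
"""Extract the SNI hostname from a TLS ClientHello and match it against the
defanged domains named in the 'in TLS SNI' signatures on this page.
Added example; the ClientHello is constructed inline for demonstration."""
import struct
from typing import Dict, Optional

# Domains exactly as the signature titles spell them (defanged with a space
# before the TLD), mapped to the signature that names them.
SIGNATURE_DOMAINS: Dict[str, str] = {
    "pathc .space": "ET MALWARE Observed MageCart Group 12 Domain",
    "toolser .pw": "ET MALWARE Observed MageCart Group 12 Domain",
    "zolo .pw": "ET MALWARE Observed MageCart Group 12 Domain",
    "cloudflare-cdnjs .com": "ET MALWARE Observed Magecart Skimmer Domain",
    "googie-analytics .online": "ET MALWARE Observed Magecart Skimmer Domain",
    "cloud-documents .com": "ET MALWARE Observed Maldoc CnC Domain",
    "unohcr .org": "ET MALWARE Observed Malicious Domain Targeting Minority Groups Domain",
}

def refang(domain: str) -> str:
    """'zolo .pw' -> 'zolo.pw'; lower-case, strip a trailing dot."""
    return domain.replace(" ", "").lower().rstrip(".")

WATCHLIST: Dict[str, str] = {refang(d): sig for d, sig in SIGNATURE_DOMAINS.items()}

def parse_sni(record: bytes) -> Optional[str]:
    """host_name from the server_name extension (RFC 6066) of a ClientHello
    record (RFC 5246 layout), or None if absent / not a ClientHello."""
    if len(record) < 5 or record[0] != 0x16:           # content_type: handshake
        return None
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 4 or body[0] != 0x01:                # handshake_type: client_hello
        return None
    end = 4 + int.from_bytes(body[1:4], "big")
    if end > len(body):
        return None
    p = 4 + 2 + 32                                      # skip client_version + random
    p += 1 + body[p]                                    # session_id
    p += 2 + struct.unpack("!H", body[p:p + 2])[0]      # cipher_suites
    p += 1 + body[p]                                    # compression_methods
    if p + 2 > end:
        return None                                     # no extensions block
    ext_end = min(p + 2 + struct.unpack("!H", body[p:p + 2])[0], end)
    p += 2
    while p + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", body[p:p + 4])
        edata = body[p + 4:p + 4 + elen]
        p += 4 + elen
        if etype != 0x0000:                             # 0 = server_name
            continue
        q = 2                                           # skip ServerNameList length
        while q + 3 <= len(edata):
            ntype, nlen = edata[q], struct.unpack("!H", edata[q + 1:q + 3])[0]
            q += 3
            if ntype == 0:                              # NameType host_name
                return edata[q:q + nlen].decode("ascii", "replace").lower().rstrip(".")
            q += nlen
    return None

def match_watchlist(hostname: str) -> Optional[str]:
    """Match the exact name or a subdomain of it, on a label boundary:
    'cdn.zolo.pw' fires, 'notzolo.pw' does not."""
    labels = hostname.split(".")
    for i in range(len(labels) - 1):
        hit = WATCHLIST.get(".".join(labels[i:]))
        if hit:
            return hit
    return None

def evaluate(record: bytes) -> Optional[str]:
    """Signature name that would fire for this ClientHello, or None."""
    sni = parse_sni(record)
    return match_watchlist(sni) if sni else None

def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello with one SNI entry (test
    input only; the random and single cipher suite are placeholders)."""
    name = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_list = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    hello = (b"\x03\x03" + b"\x11" * 32 + b"\x00"      # version, random, empty session_id
             + struct.pack("!H", 2) + b"\xc0\x2f"     # one cipher suite
             + b"\x01\x00"                            # null compression
             + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    for host in ("zolo.pw", "cdn.zolo.pw", "notzolo.pw", "www.example.com"):
        print(host, "->", evaluate(build_client_hello(host)))
```

Two points a reviewer of these alerts should keep in mind. The SNI is a client-supplied string, so it is a strong indicator that the host was pointed at the domain, not proof that the handshake completed or that the domain was resolved; corroborate with DNS and the server IP on the session. And the field is only visible when it travels in the clear: a client using Encrypted Client Hello hides it, and a fronted connection may carry an innocuous SNI while the HTTP Host header names the real destination.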

ET MALWARE Observed Malicious Filename in Outbound POST Request (Browsers/Cookies/Microsoft Edge_)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
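The "Malicious Filename in Outbound POST Request" signature above fires on the filename a client declares in a multipart upload, a pattern typical of an information stealer posting harvested browser data to its collection server. The block below is an added example, not Rapid7 or Emerging Threats code: it parses an outbound POST, walks the multipart parts and matches the declared filename against the prefix in the signature title. The request, its boundary, the destination host (an RFC 5737 documentation address) and the full filename after the "Browsers/Cookies/Microsoft Edge_" prefix are all constructed assumptions; the page gives only the prefix.

```python
"""Match the filename declared in an outbound multipart POST against the
stealer-exfiltration prefix named in the signature title.
Added example; the HTTP request is constructed inline."""
import re
from typing import Dict, List, Optional, Tuple

# Prefix from the signature title -> signature name (both copied from this page).
FILENAME_PATTERNS: Dict[str, str] = {
    "Browsers/Cookies/Microsoft Edge_":
        "ET MALWARE Observed Malicious Filename in Outbound POST Request "
        "(Browsers/Cookies/Microsoft Edge_)",
}

def split_request(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Request method, lower-cased header map and raw body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].decode("ascii", "replace")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        key, _, value = line.partition(b":")
        headers[key.strip().lower().decode("ascii", "replace")] = value.strip().decode("latin-1")
    return method, headers, body

def multipart_filenames(headers: Dict[str, str], body: bytes) -> List[str]:
    """Every filename="..." declared in the parts of a multipart body."""
    ctype = headers.get("content-type", "")
    m = re.search(r'boundary="?([^";]+)"?', ctype)
    if not ctype.lower().startswith("multipart/") or not m:
        return []
    delimiter = b"--" + m.group(1).encode("latin-1")
    names: List[str] = []
    for part in body.split(delimiter)[1:]:
        if part.startswith(b"--"):          # closing delimiter reached
            break
        part_head = part.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
        found = re.search(r'filename="([^"]*)"', part_head, re.IGNORECASE)
        if found:
            names.append(found.group(1))
    return names

def evaluate(raw: bytes) -> Optional[str]:
    """Signature name that would fire for this request, or None."""
    method, headers, body = split_request(raw)
    if method != "POST":
        return None
    for name in multipart_filenames(headers, body):
        normalised = name.replace("\\", "/")   # accept Windows path separators
        for prefix, signature in FILENAME_PATTERNS.items():
            if prefix in normalised:
                return signature
    return None

BOUNDARY = "----ConstructedBoundary7f3a"        # constructed test boundary

def build_post(filename: str, payload: bytes) -> bytes:
    """Constructed outbound multipart POST carrying one file part."""
    body = (f"--{BOUNDARY}\r\n"
            f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
            f"Content-Type: application/octet-stream\r\n\r\n").encode("latin-1")
    body += payload + f"\r\n--{BOUNDARY}--\r\n".encode("latin-1")
    head = ("POST /upload.php HTTP/1.1\r\n"
            "Host: 203.0.113.10\r\n"               # RFC 5737 documentation address
            f"Content-Type: multipart/form-data; boundary={BOUNDARY}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode("latin-1")
    return head + body

if __name__ == "__main__":
    # The filename after the prefix is an assumption, not from the page.
    print(evaluate(build_post("Browsers/Cookies/Microsoft Edge_Default.txt", b"cookie data")))
    print(evaluate(build_post("quarterly-report.pdf", b"%PDF-1.7")))
```

The declared filename is attacker-controlled, so a stealer that archives its loot before uploading will not trip this match; treat a hit as high-confidence evidence of credential and cookie theft from the source host, and treat a miss as no evidence either way. The session that carried the alert, not just the signature name, tells you which server received the data.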

ET MALWARE Observed Malicious FIN12 Related SSL Cert

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious FIN12 Related SSL Cert (serviceswork .net)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (ACBackdoor CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ACBackdoor CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AgentTesla CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AnubisStealer CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AnubisStealer CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT29)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 JEShell CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT34 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT MustangPanda CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC) 2019-11-18

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult Cnc Server) 2019-09-27

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-09-30

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-01

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-02

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-07

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) in SNI 2019-09-27

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Bancos Variant CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BazaLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BazaLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BitRAT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Blackrota)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with BrushaLoader command-and-control (CnC) servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with the loader checking in to fetch or report on its next stage.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. Because this is a loader, also look for follow-on downloads or new processes on the host after the alert time. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (chMiner/RAT)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with the chMiner miner/RAT. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with an infected host contacting its controller.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Group/More_Eggs CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with More_Eggs command-and-control (CnC) servers operated by the Cobalt Group. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with the More_Eggs backdoor checking in to its controller.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with a Cobalt Strike team server. Cobalt Strike is a commercial adversary-simulation framework whose Beacon implant is widely abused by criminal and state actors; a match means a monitored host attempted a TLS session with a server presenting that certificate.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. Cobalt Strike is also used by authorised red teams, so confirm that no sanctioned engagement explains the traffic before escalating. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with Cobalt Strike command-and-control (CnC) team servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with a Beacon implant checking in.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. Cobalt Strike is also used by authorised red teams, so confirm that no sanctioned engagement explains the traffic before escalating. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with Cobalt Strike command-and-control (CnC) team servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with a Beacon implant checking in.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. Cobalt Strike is also used by authorised red teams, so confirm that no sanctioned engagement explains the traffic before escalating. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with Cobalt Strike command-and-control (CnC) team servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with a Beacon implant checking in.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. Cobalt Strike is also used by authorised red teams, so confirm that no sanctioned engagement explains the traffic before escalating. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike Malleable C2 Domain)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with a Cobalt Strike Malleable C2 profile. Malleable C2 profiles let the operator set the certificate fields the team server presents, so the certificate is a fingerprint of the profile rather than of a single server.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. Cobalt Strike is also used by authorised red teams, so confirm that no sanctioned engagement explains the traffic before escalating. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CobInt CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with CobInt command-and-control (CnC) servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with the CobInt downloader checking in to fetch its next stage.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with the ColdRiver APT / DNSpionage man-in-the-middle (MITM) infrastructure. In this activity the attacker redirects traffic intended for a legitimate service through a server presenting the attacker’s own certificate, so a match means a monitored host reached such a server while trying to use a legitimate service.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. Because the rule describes a man-in-the-middle certificate, also check which hostname the client asked for (SNI) and which DNS answer sent it to that destination, since the host may not be infected at all but redirected. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CONFUCIOUS_B CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with CONFUCIOUS_B command-and-control (CnC) servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with an infected host checking in to its controller.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CopperStealer CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with CopperStealer command-and-control (CnC) servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with the credential stealer exfiltrating data or fetching instructions.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. Because CopperStealer harvests saved browser credentials and cookies, treat every account used from the host as exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CoreBot C2)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with CoreBot command-and-control (C2) servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with an infected host checking in to its controller.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CoreDn/BLINDINGCAN Activity)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with CoreDn/BLINDINGCAN remote access trojan activity. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with the implant contacting its controller.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CryptoMimic Staging CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with CryptoMimic staging command-and-control (CnC) servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with an early-stage implant checking in before further payloads are delivered.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (DeadlyKiss APT)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with DeadlyKiss APT infrastructure. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with an infected host contacting the group’s infrastructure.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Donot Group/APT-C-35 CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with Donot Group (APT-C-35) command-and-control (CnC) servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with an infected host checking in to the group’s controller.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with Donot Group command-and-control (CnC) servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with an infected host checking in to the group’s controller.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (DonotGroup FireStarter CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with Donot Group FireStarter command-and-control (CnC) servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with the FireStarter implant checking in.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (DonotGroup/Patchwork CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with command-and-control (CnC) servers attributed to the Donot Group or Patchwork. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with an infected host checking in to the controller.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (DonotGroup Stage 2 CnC)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with Donot Group second-stage command-and-control (CnC) servers. A match means a monitored host attempted a TLS session with a server presenting that certificate, which indicates the host has already run a first stage and is now contacting the follow-on controller.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. Because this is a second-stage server, look back in the host’s history for the first-stage delivery (document, download or earlier alert). If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ElegyRAT)

Description

This detection identifies a TLS server certificate, seen by Rapid7’s Insight Network Sensor in a TLS handshake, whose fields (subject, issuer, serial number or fingerprint) match a certificate associated with the ElegyRAT remote access trojan. A match means a monitored host attempted a TLS session with a server presenting that certificate, which is consistent with the RAT contacting its operator.

Recommendation

Review the alert in question: note which certificate field matched (subject, issuer, serial or fingerprint), which destination IP and port the source host connected to, and whether the host completed the handshake and kept exchanging traffic with that destination rather than touching it once. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ELF/Rekoobe CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fake Gmail Self Signed - Possible Cobalt Stirke)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (FIN7/GRIFFON CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (FIN7/JSSLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (FIN8 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (FIN8 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (FIN8 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (FIN8 ShellTea CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (FIN8 ShellTea CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (FIN8 Staging CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Gelsemium CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Gozi CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Gozi CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (GRIFFON CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (IcedID CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (JS/Ostap CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (jssLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (JS WebSkimmer Exfil Site)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Klingon RAT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (Lazarus APT MalDoc 2020-11-30)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Lazarus APT MalDoc DL 2020-05-05)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (LazarusGroup CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Exfil)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Exfil Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Exfil Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 11 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 11 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 1/2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 1/2 Staging Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 3 Staging Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 5 Staging Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Magecart/Skimmer CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Staging Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc 2020-03-09)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-09-17 1)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL) 2019-10-24

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-11-15)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21 2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21 3)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-05-27)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-06-18)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-07-29)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Malicious Browser Ext CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MassLogger)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Meterpreter Paranoid Mode CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MICROPSIA CnC Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Mirrortheif group)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MirrorThief CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Moist Stealer CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MonetizUs/LNKR)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (More_eggs CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MosaicRegressor WinHTTP Downloader)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MSIL/Agent.TRM CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (NHS UK Covid Passport Phish)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OceanLotus APT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OilRig QUADAGENT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OSX/AppleJeus Variant CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OSX/Nukesped CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OSX/Nukesped CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OSX/Nukesped CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OZH Rat)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Panda Banker C2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Panda Banker Injects)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (PhantomNet/Smanager CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (PHPs Labyrinth Stage1 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Possible APT33 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Possible Godlua CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (POWERRATANKBA CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (POWERSTATS Proxy CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (POWERSTATS Proxy CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Python RAT (Aurora Campaign))

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Quasar CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (RampantKitten CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (RampantKitten CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ReactGet Group)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (SedUploader)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper RAT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ShadowHammer CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (SideWinder APT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Silver Implant)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Strongpity CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (TaurusStealer CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (TinyNuke Variant CnC) 2020-02-09

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Turla/APT34 CnC Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Turla CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Upatre CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif Inject Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif Injects)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Various CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Various CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Various CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (W32/TrojanDownloader.Agent.FBF Variant CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (WastedLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (WastedLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Win32/Gadwats Banker CnC Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Win32/Gadwats Banker CnC Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Win32/SandCat CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Win32/Unk Downloader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Zepakab CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Zeromax Stealer CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Zloader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL/TLS Certificate (IcedID CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL/TLS Certificate (IcedID CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL/TLS Certificate (Jasper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL/TLS Certificate (Jasper CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious UA (Skuxray)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malsmoke Staging Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malware Delivery Domain (analyticsnet .top in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malware Delivery Landing Page Domain (bigeront .top in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MassLogger Domain in TLS SNI (ecigroup-tw .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MAZE Ransomware CnC Domain (checksoffice .me in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed MAZE Ransomware CnC Domain (plaintsotherest .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed MAZE Ransomware CnC Domain (thesawmeinrew .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed MongoLock Variant CnC Domain (s .rapid7 .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MSIL/Heracles Variant CnC Domain (stainless .fun in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MSIL/n2019cov (COVID-19) Ransomware CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Nemty Ransomware Payment Page

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed OSX/GMERA.A CnC Domain (appstockfolio .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed OSX/NukeSped Variant CnC Domain (fudcitydelivers .com) in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed OSX/NukeSped Variant CnC Domain (sctemarkets .com) in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed OSX/Silver Sparrow Download Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed OSX/Silver Sparrow Download Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed OSX/WizardUpdate Domain in TLS SNI ( .dlvplayer .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Pegasus Domain (api1r3f4 .redirectweburl .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Pegasus Domain (hooklevel .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.