Suspicious Network Activity - IDS
ET HUNTING Suspicious EXE Download Content-Type image/jpeg
These detections identify suspicious activity from network sessions evaluated by Insight Network Sensor.
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Adobe PKG Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO ARM File Requested via WGET (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Flowbit set for POST to Quicken Updater
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO GET Minimal HTTP Headers Flowbit Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO IE7UA No Cookie No Referer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO maas.io Image Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO McAfee AV Download (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO McAfee AV Download - Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (exe) unset (no exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (msi) unset (no exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (msp) unset (no exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request (no .exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible MSXMLHTTP Request to Dotted Quad
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Possible WinHttpRequest (no .exe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Symantec Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO User-Agent (wininet)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO Windows Update/Microsoft FP Flowbit
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET INFO ZoneAlarm Download Flowbit Set
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (bigtopweb .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (infinitysoftwares .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (bigtopweb .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (infinitysoftwares .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [401TRG] PS/PowDesk Checkin (APT34)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 44Calibar Variant Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE 44 Caliber Stealer Data Exfil via Discord
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (bigudp)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (dns)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (stop)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABCbot CnC Instruction (syn)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Likely Shylock/URLzone/Gootkit/Zeus Panda C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)
Description
Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.
Recommendation
Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Activity related to APT.Seinup Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Agent.BAAB Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AgentTesla Communicating with CnC Server
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AgentTesla PWS HTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK/BKDR_HTV.ZKGD-A CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK.CREDSTEALER.A CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK.CREDSTEALER.A CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AHK.CREDSTEALER.A MalDoc Retrieving Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alfa/Alpha Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Alina Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alina Server Response Code
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alina User-Agent(Alina)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alman Dropper Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AlphaCrypt CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt CnC Beacon 5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt CnC Beacon 6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt Connectivity Check 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Alureon Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Amadey CnC Check-In
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Amadey Stealer CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Amadey Stealer CnC - BotKiller Module Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Android/AhMyth RAT Init Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Android/AhMyth RAT WebSocket Session
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Android/FakeKakao checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Checkin Dec 29 2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Check-in Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Andromeda Downloading Module
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AntiVirus exe Download Likely FakeAV Install
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AntSword Webshell User-Agent Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AnubisNetworks Sinkhole HTTP Response - 195.22.26.192/26
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Anuna PHP Backdoor Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Anuna PHP Backdoor Sucessful Exploit
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ApolloLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ApolloLocker Ransomware CnC Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE AppleJeus - JMT Trading CnC Activity (OSX Variant)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - JMT Trading CnC Activity (Windows Variant)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - Kupay Wallet CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AppleJeus - Union Crypto CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT15/NICKEL KETRUM CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT15/NICKEL Related CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT1 WEBC2-UGX Related Pingbed/Downbot User-Agent (Windows+NT+5.x)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 SEDNIT Variant CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28/SkinnyBoy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/SkinnyBoy Payload Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Go Variant Downloader Error POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28/Sofacy Zebrocy Secondary Payload CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 Uploader Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 Uploader Variant Fake Request to Google
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT28 Zebrocy/Zekapab Reporting to CnC M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Cache_DLL SSL Cert
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Implant8 - Evil Twitter Callback
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29 Implant8 - MAL_REFERER
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT29/Wellness CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif POSTing Log Message to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif Requesting Command from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT32 Win32/Ratsnif Submitting Output of Command to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten Encrypted Payload Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT33/CharmingKitten Retrieving New Payload (flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT34 Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT34 TONEDEAF 2.0 Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT34 TONEDEAF 2.0 Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT39/Chafer Payload - CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT39/Chafer Payload - CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT.Agtid callback
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Backspace CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT/Bitter Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/Bitter Related Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT-C-23 Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT-C-23 Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT-C-48 Related Activity Retrieving ConsoleHost (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Cheshire Cat CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT/Donot Group Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/FamousSparrow Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT.Fwits CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT.Fwits CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT Hellsing Proxy Checker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Lazarus Nukesped Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT LuckyMouse Polpo Malware CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Lurker POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT Mustang Panda Payload - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT_NGO_wuaclt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT_NGO_wuaclt C2 Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Operation Sidecopy lnk Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT OSX.XSLCmd CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE APT Related - BLACKCOFFEE Command Delimiters in HTTP Response M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT Related - BLACKCOFFEE Command Delimiters in HTTP Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/TransparentTribe CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE APT/TransparentTribe Style Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arbitrium-RAT CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arbitrium-RAT Observed User-Agent (JustKidding)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArcDoor Intial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArcDoor User-Agent (ALIZER)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ares Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Gopher Related User-Agent (aimxxhwpcc)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Advtravel Campaign GET Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Checking filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Exfiltrating files
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT File information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (SK)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (Skype)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Possible User-Agent (Skypee)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Transmitting Date
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arid Viper APT Transmitting Serial
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AridViper CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arkei Stealer Config Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Arkei Stealer IP Lookup
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ARM Binary Requested via WGET to Known IoT Malware Domain
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArrobarLoader CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArtraDownloader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ArtraDownloader/TeleRAT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ASNAROK Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ASNAROK Related Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asprox Data Post to C&C
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asprox Form Submission to C&C
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Asterope Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AstroBot CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Athena DDoS Bot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Atya Dropper Possible Rootkit - HTTP GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aura Ransomware User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Aurora/OneKeyLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Aurora Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE AutoHotkey Downloader Checkin via IPLogger
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AutoHotKey offthewall Downloader Requesting Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo C2 Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo C2 Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Aveo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Avzhan DDoS Bot User-Agent MyIE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.2 Server Response M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult v3.3 Server Response M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE AZORult Variant.4 Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Babar POST Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Babax Stealer Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BabyShark CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BACKCONFIG CnC Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Darpapox/Jaku Initial C2 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Egobot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Elise CnC Beacon 1 M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 2 M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 3 M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 3 M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise Style IP Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Elise Style IP Check M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Esion CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Graybird Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Irc.MFV User Agent Detected (IRC-U)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor Lanfiltrator Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Meciv Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.TurlaCarbon.A C2 HTTP Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Agent.bjjv Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Agent.myttae User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Aldibot.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Aldibot.A User-Agent (Aldi Bot)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Etumbot.B Requesting RC4 Key
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Ixeshe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Likseput.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Momibot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/Momibot Ping Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32/PcClient.AA Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.PEx.942728546 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Pushdo.s Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Pushdo.s Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.RShot HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Get Config Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Sykipot Put
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Trup.CX Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backdoor.Win32.Xtrat Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Backoff POS Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BackSwap Trojan C2 Domain Observed (debasuin .nl in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BadPatch CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BadRabbit Ransomware Activity Via WebDAV (cscc)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BadRabbit Ransomware Activity Via WebDAV (infpub)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Baldr Stealer Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BalkanDoor CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BalkanDoor CnC Checkin - Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bamital Headers - Likely CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bancos/Banker Info Stealer Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BandarChor/CryptON Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BandarChor Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Banker.anv Generally Suspicious User-Agent (CustomExchangeBrowser)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker/Banbra Related HTTP Post-infection Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker/Banbra Variant POST via x-www-form-urlencoded
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (hhh)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (Ms)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (Mz)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (MzApp)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker.Delf User-Agent (WINDOWS_LOADS)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker PWS/Infostealer HTTP GET Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banker Trojan (General) HTTP Checkin (vit)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banking Trojan HTTP Cookie
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload HTTP Checkin Detected (envia.php)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload POST Checkin (dados)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Banload User-Agent Detected (ExampleDL)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaBackdoor Variant CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaLoader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BazaLoader CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bazaloader Variant Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bazaloader Variant Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BBSRAT GET request CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BBSRAT POST request CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bebloh connectivity check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep Connectivity Check M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep Connectivity Check M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bedep HTTP POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BePush/Kilim CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BePush/Kilim payload retrieval
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BestAntivirus2011 Fake AV reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Betabot Checkin 5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BF Botnet CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bifrose/Cycbot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bifrose/Cycbot Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BigLock Ransomware CnC Activity (id)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BIOPASS RAT Go Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BIOPASS RAT Python Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bitcoin variant Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bitter APT Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BITTERBUG Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bitter RAT HTTP CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bitter RAT HTTP CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving New Malware From Server
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving Server IP Addresses
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Server Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BKDR_SLOTH.A Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackbeard Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackenergy Bot Checkin to C&C
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackenergy Bot Checkin to C&C (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy POST Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy v2 POST Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy v2.x HTTP Request with Encrypted Variables
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackEnergy v2.x Plugin Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Black KingDom Ransomware Related Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BlackMatter CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackmoon/Banbra Configuration Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blackmoon/Banbra Configuration Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackshadesRAT Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackTech Plead Encrypted Payload Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blaze/Supreme Bot Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blaze/Supreme Bot Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BleachGap Ransomware Checkin (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Blue Bot DDoS Blog Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blue Bot DDoS Logger Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blue Bot DDoS Proxy Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Blue Bot DDoS Target Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bolek HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Book of Eli CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bookworm CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bookworm CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bossabot DDoS tool RFI attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bot Backdoor Checkin/registration Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BOUNCEBEAM Backdoor CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Bravix Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brazilian Banker SSL Cert
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bredolab CnC URL Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bredolab Downloader Communicating With Controller (1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BroBot POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brontok/Joseray User-Agent Detected (Joseray.A3 Browser)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brontok User-Agent Detected (Brontok.A3 Browser)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Brontok User-Agent Detected (Rivest)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BrushaLoader CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer - DomainInfo User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Successful Payload Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Update Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buer Loader Update Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BUILDINGCAN CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Buran Ransomware Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Buran Ransomware Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE BYOB - Python Backdoor Loader Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE BYOB - Python Backdoor Stager Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Bzub2 Related RPC/Http Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE C3Pool CoinMiner Setup Script Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Campo Loader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Capfire4 Checkin (register machine)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE carberp check in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Carberp checkin task
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Carberp CnC request POST /set/task.html
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Carberp file download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Casbaneiro CnC Host Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cashout Proxy Bot reg_DST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cayosin Botnet User-Agent Observed M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cayosin Botnet User-Agent Observed M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CBeplay Downloading Design
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CBReplay Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CBReplay.P Ransomware
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CenterPOS CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CenterPOS Delete Plugins
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CenterPOS Load Plugins
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CerberTear Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ChaChi RAT Client CnC (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ChaChi RAT Client CnC (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ChaChi RAT Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chafer Win32/TREKX Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chafer Win32/TREKX Uploading to CnC (Modified CAB)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ChaseBot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (command)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (file)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (hello)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chinotto CnC Activity (result)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Chthonic CnC Beacon 5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Chthonic CnC Beacon 6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Citadel Activity POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Citadel Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cknife Shell Command Struct Inbound (aspx)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cknife Shell Command Struct Inbound (PHP)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Click Fraud Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ClipBanker Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Clipsa Stealer - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Clipsa Stealer - Coinminer Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Clipsa Stealer - Exfiltration Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CloudAtlas APT Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cloud Atlas CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CNRarypt Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cnzz.cn Related Dropper Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt STrike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Beacon Activity (UNC2447)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (UNC2447)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Amazon Profile) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Bing Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Custom Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Observed (MASB UA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike C2 Profile (news_indexedimages)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 (Adobe RTMP)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (JPEG)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (PNG)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (RIFF)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Malleable C2 (Custom)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Custom)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Custom Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Havex APT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (jquery Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Magnitude EK)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Meterpreter)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Microsoft Update GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (MSDN Query Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 OCSP Profile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (OneDrive)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (bg)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (btn_bg)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (extension.css)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (__session__id Cookie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile wordpress_ Cookie Test
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (QiHoo Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (TrevorForget Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Webbug Profile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Wordpress Profile)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cobalt Strike Related Activity (GET)
Description
This detection identifies malware related activity using Rapid7’s Network Traffic Analysis sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cobalt Strike Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Cohhoc RAT CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoinVault CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CoinVault CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CoinVault POST M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CollectorStealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Comfoo Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Comfoo Outbound Communication
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CommentCrew downloader without user-agent string exe download without User Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CommentCrew Possible APT backdoor download logo.png
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Access Count Tracking URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Count Tracking URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Count Tracking URL (partner)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (farfly checkin)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (pid - mac)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Downloader Install Report URL (wmid - ucid)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Trojan HTTP GET Logging
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre Header Structure 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre Header Structure 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Upatre URI/Headers Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Common Zbot EXE filename Dec 09 2013
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE COMRAT CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Conficker/KernelBot/MS08-067 related Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ConstructorWin32/Agent.V
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE contacy.info Trojan Checkin (User agent clk_jdfhid)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cookies/Cookiebag Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Module Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Module Download 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Corebot Requesting Module
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoreDn CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CoreDn CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Covenant Framework HTTP Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyCar CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyCar V2 CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyDuke APT HTTP GET CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE CozyDuke APT HTTP POST CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Criptobit/Mobef Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CROSSWALK CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CrownAdPro CnC Activity M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cryptojoker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cryptolocker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoLocker EXE Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoLuck / YafunnLocker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CryptoPatronum Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE CryptoShield Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cryptowall 2.0 DL URI Struct Oct 2 2014
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall Check-in M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CryptoWall CryptoWall 3.0 Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Curso Banker Downloading Modules
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CyberGate RAT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE CyberGate RAT User-Agent (USER_CHECK)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Cyborg Ransomware - Downloading Desktop Background
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Cycbot POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE D1onis Stealer Sending Data to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Initial Macro Execution
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Payload Execution
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DADJOKE/Rail Tycoon Payload Extraction
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Daemonize.ft HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dalexis CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dalexis Downloading EXE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot Associated Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Danabot UA Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkGate CNC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkGate CnC Requesting Data Exfiltration from Bot
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (globalnetworkissues .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (kubecloud .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (lcomputers .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (seobundlekit .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (solartrackingsystem .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST CnC Domain (webcodez .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (globalnetworkissues .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (kubecloud .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (lcomputers .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (seobundlekit .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (solartrackingsystem .net)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (webcodez .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DarkHotel Downloader CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Downloader CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Initial Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Payload Uploading to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Darkness DDoS Bot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Databack CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DATA-BROKER BOT Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Datoploader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Datoploader Activity M2 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRAT Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M11
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M12
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat CnC Activity M13
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DCRat Initial CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ddex Loader Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet CnC Job Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet CnC Slave POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDG Botnet Miner Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DDoS.XOR Checkin via HTTP
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DeathStalker/Janicab CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DeathStalker/Powersing CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DecebalPOS User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DecryptmyFiles Ransomware CnC (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE DEEP PANDA Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DEEP PANDA Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DEEP PANDA Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Delf Checkin via HTTP (5)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Delphi Trojan Downloader User-Agent (JEDI-VCL)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Densmail.com Related Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer-715 Install Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer.MC(vf) HTTP Request - Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dialer.Trojan Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DiamondFox HTTP Post CnC Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Ext Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Ignore Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Key Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Landing Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Priority Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Register M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Register M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Services Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol Communicating with CnC - Wipe Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Diavol HTTP Cookie Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DirectsX CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DirtJumper Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DistTrack/Shamoon CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DistTrack/Shamoon CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE D-Link ShareCenter (DNS-320/325) RCE (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DLoader File Download Request Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DMSpammer HTTP Post Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSpionage Commands Embedded in Webpage Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSpionage Requesting Config
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Domen SocEng Redirect - Landing Page Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonBot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donkeyp2p Update Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donot (APT-C-35) Stage 1 Requesting Main Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Donot (APT-C-35) Stage 1 Requesting Persistence Setup File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Pult Downloader Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DonotGroup Template Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dooptroop CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dooptroop Dropper Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dorkbot GeoIP Lookup to wipmania
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dorkbot Loader Payload Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dosenjo/Kvadr Proxy Trojan Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downadup/Conficker A or B Worm reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downeks Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downeks Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Downloaded .bat Disables Real Time Monitoring
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloaded .bat Disables Windows Defender
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloaded Script Disables Firewall/Antivirus
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader-5265/Torpig/Anserin/Sinowal Unique UA (MSID)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Banload2.KZU Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Banload2.KZU Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DownloaderExchanger/Cbeplay Variant Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader General Bot Checking In - Possible Win32.Small.htz related
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader General Bot Checking In via HTTP Post (bot_id push)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader (P2P Zeus dropper UA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Adload (KaiXin Payload) Config Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Banload Reporting
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Geral Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader Win32.Small.agoy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Downloader.Win32.Small CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Dridex Base64 Executable
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex/Bugat/Feodo Cookie
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users<username>\Application Data\kb208351.exe C:\Users<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key that will start an executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.
ET MALWARE Dridex/Bugat/Feodo GET Checkin
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users<username>\Application Data\kb208351.exe C:\Users<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key that will start an executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.
ET MALWARE Dridex/Bugat/Feodo POST Checkin
Description
Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.
Recommendation
Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.
Examples: C:\Users<username>\Application Data\kb208351.exe C:\Users<username>\Application Data\3a83cd09.exe
Bugat will create a registry Run key that will start an executable upon login.
When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.
ET MALWARE Dridex CnC Request - Spam/Worm Component
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex CnC Request - Spam/Worm Component
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex DL Pattern Feb 18 2016
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex POST Checkin
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex Post Check-in Activity
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex POST Retrieving Second Stage
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Dridex v2 POST Checkin
Description
Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.
Recommendation
Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.
ET MALWARE Driveby Exploit Attempt Often to Install Monkif
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Driveby Loader Request List.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Drop.Agent.bfsv HTTP Activity (UsER-AgENt)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dropper Checkin 2 (often scripts.dlv4.com related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dropper Checkin (often scripts.dlv4.com related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Binary Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Binary Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Domain (ahgwqrq .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DTLoader Encoded Binary - Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dumador Reporting User Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE DustySky CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE DustySky Payload Link Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyre CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Ex-filtrating Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Dyreza RAT Fake Server Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Done
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Started
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/DarkStealer Variant CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/DarkStealer Variant CnC Exfil M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Echelon/Mist Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ElectroRAT CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/AbcBot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/AbcBot Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF_BASHLITE.SMB Dropping Files
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Chacha.DDoS/Xor.DDoS Stage 2 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/DarkNexus User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Kinsing Payload Request M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Kinsing Payload Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/LiLocked Ransom Note in HTTP Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/MachO.Netwire Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mayhem Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Loader Activity M1 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Miner Loader Activity M2 (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai User-Agent Observed (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Cakle)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Damien)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Hentai)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (lessie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (muhstik)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Rift)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Shaolin)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Solar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Tsunami)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Yakuza)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Inbound (Yowai)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Cakle)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Damien)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Hentai)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (lessie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (muhstik)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Ouija_x.86)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (ph0ne)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Rift)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Shaolin)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Solar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Tsunami)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Yakuza)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant UA Outbound (Yowai)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/muBoT User-Agent (I’m a mu mu mu ?)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Attempting to Download Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Bot Reporting Vulnerable Server to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Muhstik Scanner Module Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/RedXOR CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/RedXOR CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/TooEasy Miner CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ELF/Win32 Lucky Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ELF/Win32 Lucky Ransomware Encryption Process Started
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE EMAIL SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Certificate Observed M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Emotet CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Emotet Post Drop C2 Comms M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet v2 Exfiltrating Outlook information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Emotet Wifi Bruter Module Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enfal CnC GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enfal CnC POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Enigma Locker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [eSentire] Cobalt Strike Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [eSentire] VBS Retrieving Malicious Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ESPecter Bootkit Initialization Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ETag HTTP Header Observed at CNCERT Sinkhole
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EtumBot Ping
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EtumBot Registration Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EUPUDS.A Requests for Boleto replacement
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil Google Drive Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil Monero Cryptocurrency Miner Request Pools
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evilnum Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Checkin Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Client Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Client Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Client Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EvilNum CnC Error Report
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EVILNUM CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evil PDF Retrieving Emotet Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Evrial Stealer Retrieving CnC Information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Executable Download Purporting to be JavaScript likely 2nd stage Infection
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE EXE Download When Server Claims To Send Audio File - Must Be Win32
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Exorcist 2.0 Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE FaceBook IM & Web Driven Facebook Trojan Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKBEN Ransomware
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE FAKE AOL SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Check-in purporting to be MSIE with invalid terse HTTP headers
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAvCn-A Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAvCn-A Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.dfze/FakeAV!IK Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake AV Downloader.Onestage/FakeAlert.ZR User-Agent (AV1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.EGZ Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV.EGZ Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV FakeSmoke HTTP POST check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake AV GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE AV HTTP CnC Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Install
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Landing Page
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Landing Page (aid sid)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV oms.php Data Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV security_scanner.exe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV User-Agent XML
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeAV Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FakeAV Win32/Antivirus2008 CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Faked Russian Opera UA without Accept - probable downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Google Chrome Notifications Installer
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake IBM SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKEIE Minimal Headers (flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Opera 8.11 UA related to Trojan Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE/ROGUE AV/Security Application Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake/Short Google Search Appliance UA Win32/Ranbyus and Others
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Software Download Redirect Leading to Malware M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Variation of Mozilla 4.0 - Likely Trojan
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Virtually SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fake Windows Scam ScreenLocker
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FAKE YAHOO SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FakeYak or Related Infection Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fareit/Pony Downloader Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fareit/Pony Downloader Checkin 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Farfli HTTP Checkin Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fasec/FakeAV Alert/Keylogger/Dropper/DNSChanger Possible Rootkit - HTTP GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS RAM Scraper Sending Details
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Reporting Error Code
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Sending Keystrokes
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Sending Status Logs
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Software Update Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Successful Software Update Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FastPOS Version Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FBot Downloader Generic GET for ARM Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Felismus CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Felismus CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FF-RAT Stage 1 CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FighterPOS CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FighterPOS CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Fileless infection dropped by EK CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Filename explorer.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename hkcmd.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename server.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Filename svchost.exe Download - Common Hostile Filename
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN12 Related ICECANDLE/Cobalt Strike Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FIN12 Related WEIRDLOOP/Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FIN12 Related WHITEDAGGER/Cobalt Strike Beacon Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE FIN6 StealerOne CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Variant Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Variant Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FIN7 JSSLoader Variant Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FindPOS Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FinSpy Related Flash Installer Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FinSpy Related WinRAR Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.BEACON M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (databasegalore .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (incomeupdate .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (panhardware .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (zupertech .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to avsvmcloud .com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to deftsecurity .com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to digitalcollege .org
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to freescanonline .com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to thedoccloud .com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to virtualdataserver .com
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (avsvmcloud .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (deftsecurity .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (digitalcollege .org)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (freescanonline .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (highdatabase .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (thedoccloud .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (virtualdataserver .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (websitetheme .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (databasegalore .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (deftsecurity .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (freescanonline .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (highdatabase .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (incomeudpate .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (panhardware .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (thedoccloud .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (websitetheme .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (zupertech .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] PULSECHECK Webshell Access Outbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FlashBack Mac OSX malware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FoggyWeb Backdoor Incoming Request (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FoggyWeb Backdoor Incoming Request (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Formbook 0.3 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FormBook CnC Checkin (POST) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FortDisco Reporting Status
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Foudre Checkin M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRat check-in (Data)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRat check-in (Yuok)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FOX-SRT ShimRatReporter check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRAT Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRAT Downloader Error Report POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRat WebSocket Request M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FRat WebSockets Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FraudLoad.aww HTTP CnC Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fraudload/FakeAlert/FakeVimes Downloader - POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop UA LETITGO
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FrauDrop UA single
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fruspam polling for IP likely infected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FTCode Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE FTCode Stealer Init Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fullspace.cc or Related Checkin (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fullz House Credit Card Skimmer Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Fullz House Credit Card Skimmer JavaScript Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gaboc Trojan Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Galock Ransomware Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Gamania Trojan Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Maldoc Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon/Armageddon Activity (Retrieving Remote .dot)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon/Armageddon CnC Activity (Sending Windows System Information)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon File Stealer POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon MalDoc CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Related VBS Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamaredon Style MalDoc .dot Download on freedynamicdns .org
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamarue/Andromeda Downloading Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gameredon Loader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamut Spambot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gamut Spambot Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GandCrab Style External IP Check (Spoofed Yahoo Host)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GanDownloader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gasket CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gasket Requesting Commands from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gasket Submitting Logs to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gatak CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gazer HTTP POST Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Downloader Activity M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GCleaner Related Downloader User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Banker.PWS POST Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Downloader Checkin URL (GUID+)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Trojan Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Win32 Backdoor Checkin POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE General Win32 Backdoor Checkin POST Packet 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic - 8Char.JAR Naming Algorithm
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic .bin download from Dotted Quad
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Bot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Checkin - MSCommonInfoEx
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Downloader checkin (3)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Downloader Checkin - HTTP GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Downloader - HTTP POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Dropper/Clicker Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Dropper Installing PUP 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Dropper Installing PUP 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic gate .php GET with minimal headers
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GENERIC Likely Malicious Fake IE Downloading .exe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic.Malware.SFL User-Agent (Rescue/9.11)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Password Stealer User Agent Detected (RookIE)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic -POST To file.php w/Extended ASCII Characters
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic - POST To .php w/Extended ASCII Characters
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Request to gate.php Dotted-Quad
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Spambot (often Tibs) Post-Infection Checkin (justcount.net likely)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Trojan Checkin (UA VBTagEdit)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Trojan with /? and Indy Library User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Generic Win32.Autorun HTTP Post
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Genome User-Agent (Http Down)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Geocon CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georbot checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georbot initial checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georbot requesting update
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Georgian Targeted Attack - Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GET to Google with specific HTTP lib likely Cycbot/Bifrose/Kryptic checking Internet connection
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gimemo Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GlitchPOS CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Glupteba CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Go/Anubis CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoBrut/StealthWorker Requesting Brute Force List (flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoBrut/StealthWorker Service Bruter CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoBrut/StealthWorker Service Bruter CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Godlua Backdoor Downloading Encrypted Lua
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Go/Hack Browser Data Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoLang Discord Token Grabber Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoldenSpy CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GoldenSpy CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gootkit Checkin User-Agent 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Go/PSW.Agent_AGen.A Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GORGON APT Download Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GORGON APT Download Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi/BlackNet Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi check-in / update
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi Communication 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi/Ursnif/Papras Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gozi/Ursnif/Papras Grabftp Module Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Grandoreiro CnC Activity (vbs)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Grandoreiro Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE GreenDou Downloader User-Agent (hello crazyk)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Gulpix/PlugX Client Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE H1N1 Loader CnC Beacon M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE H1N1 Loader CnC Beacon M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE HabitsRAT Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE hacker87 checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Android Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Elite Windows Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hacking Team Scout Windows Implant Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HackTool.Linux.SSHBRUTE.A Haiduc Initial Compromise C2 POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hades APT Downloader Attempting to Retrieve Stage 2 Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hangover Campaign Keylogger 2 checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hangover Campaign Keylogger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hangover related campaign Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hangover related campaign Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Harvester Group Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Havex RAT CnC Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Havex RAT CnC Server Response HTML Tag
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HAWKBALL CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HAWKBALL CnC Initial Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HAWKBALL CnC Sending System Information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Haxdoor Reporting User Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Haxdoor Reporting User Activity 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HB_Banker16 Get
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HiddenTears Ransomware Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Higaisa CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Higaisa CnC (ipconfig)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Higasia CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HighTide trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hiloti loader installed successfully request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hiloti loader requesting payload URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hiloti/Mufanom Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hitpop.AG/Pophot.az HTTP Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hoax.Win32.BadJoke/DownLoader1.57593 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HompesA Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTA.BabyShark Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTA.BabyShark HTTP Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTML/Xbash Hex Encoded PowerShell Args Inbound - Stage 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTML/Xbash Hex Encoded PS WebClient Object Inbound - Stage 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTML/Xbash Hex Encoded WScript.Shell Inbound - Stage 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Andromeda File Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Connection To Known Sinkhole Domain sinkdns.org
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPCore CnC Tasking File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPCore CnC Task Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPCore CnC Task Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Request for Possible ELF/LiLocked Ransomware Note
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE HTTP Request to a *.pw domain with direct request/fake browser (multiple families flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTP Request to a *.su domain with direct request/fakebrowser (multiple families flowbit set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HTTPTool User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon.DF Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon URL Infection Checkin Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon User Agent Detected (??)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon User Agent Detected (RAV1.23)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Hupigon User Agent Detected (VIP2007)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE HYDSEVEN VBS CnC Host Information Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID CnC Domain in SSL/TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE IcedID CnC Domain in SSL/TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE IcedID CnC Domain in SSL/TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE IcedID/Emotet Certificate Observed M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID Observed Domain (loadfreeman .casa in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IcedID WebSocket Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ICEFOG JAVAFOG JAR checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ICEFOG-P Variant CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ICEFOG-P Variant CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IceRat Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IceRat CnC Acitivty M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE iebar Spyware User Agent (iebar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IIStealer Inbound Exfil Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IIStealer Inbound Exfil Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Illusion Bot (Lussilon) Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent IAMDDOS
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent kav
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent STORMDDOS
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IMDDOS Botnet User-Agent YTDDOS
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound JasperLoader Using Array Push Obfuscation
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound MonetizeUs/LNKR Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound PowerShell Executing Base64 Decoded VBE from Temp 2018-11-29
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound PowerShell Saving Base64 Decoded Payload to Temp M1 2018-11-29
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inbound PowerShell Saving Base64 Decoded Payload to Temp M2 2018-11-29
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Inception APT malware
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Incorrectly formatted User-Agent string (dashes instead of semicolons) Likely Hostile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IndigoZebra APT BoxCaon DropBox Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IndigoZebra APT xCaon/Textpadx Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE indux.php check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE InfoBot Sending LAN Details
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE InfoBot Sending Machine Details
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Bancos ProxyChanger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Banprox Proxy.pac Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Jackpos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Jackpos Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Mysayad Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Infostealer.Mysayad Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Instagram Like Bot (like4u) CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Instagram Like Bot (like4u) CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Internet Protection FakeAV checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IOS.Oneclickfraud HTTP Host
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IP Grabber CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IrcBot Downloading .old
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IrcBot Fantasy Name Gen
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ironhalo CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Iron/Maktub Locker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE ISMAgent CnC Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ISRStealer Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IsSpace/Zacom Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ixeshe/Mecklow Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Ixeshe/Mecklow Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE IXWARE Stealer CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JackPOS XOR Encoded HTTP Client Body (key AA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jadtree Downloader rar
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jaff Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Jaff Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Jaff Ransomware Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE JAR/Qealler Stealer HTTP Headers Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasmin Ransomware C2 Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE JasperLoader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jasper URI Path Observed M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Java Archive sent when remote host claims to send an image
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Java Download non Jar file
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Java/QRat Retrieving PE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JavaScriptBackdoor HTTP GET CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Javascript Click and Removal of Download Element
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Javascript Displays malicious download page
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JAWS Webserver Unauthenticated Shell Command Execution
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jembot PHP Webshell (file upload)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jembot PHP Webshell (system command)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE jFect HTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Joanap CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jorik FakeAV GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Agent.NZH CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/HTA Downloader Behavior M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS.InfectedMikrotik Injects Domain Observed in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting EXE payload 2015-10-07
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting EXE payload 2015-11-02
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting PDF payload 2015-10-07
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod.M.gen requesting PDF payload 2015-11-02
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2015-12-01
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-01-28
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-02-06
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Nemucod requesting EXE payload 2016-03-31
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Ostap CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Ostap Maldoc Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JsOutProx CnC Activity - Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JsOutProx CnC Activity - Outbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JsOutProx Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/RAA Ransomware check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE JS/Skimmer Inbound (Likely MageCart) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS Sniffer Framework Sending to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Spy.Agent.AW Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/TrojanDownloader.Agent.TXV CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/Unk Downloader 0 Byte POST CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JS/WSF Downloader Dec 08 2016 M7
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE JunkMiner Downloader Communicating with CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jupyter Stealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jupyter Stealer Reporting System Information
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jupyter Stealer Reporting System Information M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Jupyter Stealer Reporting System Information M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kaseya VSA Exploit Activity M1 (SET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kaseya VSA Exploit Activity M2 (SET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kazy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kazy/Kryptor/Cycbot Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kazy/Kryptor/Cycbot Trojan Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kelihos/Hlux GET jucheck.exe from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kelihos.K Executable Download DGA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyBase Keylogger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyBase Keylogger HTTP Pattern
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyBase Keylogger Uploading Screenshots
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyloggerOnline Keylogger Checkin (go https)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyloggerOnline Keylogger Checkin (kill)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyloggerOnline Keylogger Checkin (sleep)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KeyLogger related to FindPOS CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE KimJongRAT cnc exe pull
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky CSPY Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Backdoor CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Backdoor CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Backdoor Secondary Payload Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Malware Suite Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky KGH Malware Suite Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Operation Blue Estimate CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (down)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (init)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (ping)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Activity Sending Windows Information (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Host Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Host Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Host Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Host Data Exfil M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Maldoc Activity (HEAD)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Maldoc Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Maldoc Retrieving Template (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky Related Script Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kimsuky WildCommand CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KINS/ZeusVM Variant CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE KINS/ZeusVM Variant Retrieving Config
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kishop.A checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KLog Nick Keylogger Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Knockbot Proxy Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Knock.php Shiz or Rohimafo CnC Server Contact URL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Malicious Doc Downloading Payload Dec 06 2016
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Malicious Expires Header Seen In Malicious JavaScript Downloader Campaign
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header CERT.PL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Sinkhole Response Header INetSim
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Known Skunkx DDOS Bot User-Agent Cyberdog
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni RAT Exfiltrating Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni RAT Querying CnC for Commands
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni Related Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Konni Stage 2 Payload Exfiltrating Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface C&C availability check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface Checkin via POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface HTTP Request (2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Koobface Trojan HTTP Post Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kovter Ransomware Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Kpang.com Related Trojan User-Agent (alertup)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KPOT Stealer Initial CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE KPOT Stealer Initial CnC Activity M5
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kraken Ransomware End Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Kraken Ransomware Start Activity 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Kriptovor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kriptovor External IP Lookup checkip.dyndns.org
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kriptovor Retrieving RAR Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kronos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kronos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kronos Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kryptik Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kuluoz Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Kuluoz/Asprox Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE L0rdix Stealer CnC Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE L0rdix Stealer CnC Sending Screenshot
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LAME SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lampion CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LankerBoy HTTP CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Lazarus APT Related Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lazarus Downloader (JEUSD) CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Lazarus Maldoc CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lazarus Related Maldoc Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LeChiffre Ransomware CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Legion Loader Activity Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (Amen)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (carlos_castaneda)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (heil_moloch)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (heil_satan)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (legion)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (lilith)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (Mylegion666)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (neva-project)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (salmonella-symptome)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (satan)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (suspira)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (the devil)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Legion Loader Activity Observed (YourUserAgent)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Linux Shell Script CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell CnC Activity M14
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell CnC Checkin M6
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell - Install Tracking
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lemon_Duck Powershell - RDP Credential Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Arid Viper APT Advtravel Campaign GET Keepalive
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Arid Viper APT Advtravel Campaign POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely CryptoWall .onion Proxy domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Evil Macro EXE DL mar 15 2016
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Evil Macro EXE DL mar 28 2016
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Evil Request for uac.exe With Minimal Headers
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Fake Antivirus Download InternetAntivirusPro.exe
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Likely Geodo/Emotet CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Likely Geodo/Emotet Downloading PE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Geodo/Emotet Downloading PE
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Geodo/Emotet Downloading PE - Fake UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Infected HTTP POST to PHP with User-Agent of HTTP Client
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Koobface Beaconing (getexe)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likely PadCrypt Locker PKG DL
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Likseput.B Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Limitless Logger RAT HTTP Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linkup Ransomware check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux DarkRadiation Ransomware Activity Attack Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux DarkRadiation Ransomware Activity (curl)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux DarkRadiation Ransomware Activity (wget)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux DarkRadiation Ransomware Telegram Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Linux/Lady CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/Lady CnC Beacon 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/LuaBot CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/MayhemBruter Inbound Ping From CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Moose HTTP CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/Moose HTTP CnC Beacon Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux.Mumblehard Command Status CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux.Mumblehard Initial Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux.Ngioweb Stage 1 CnC Activity Client Request (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/SSHDoor.A Reporting Backdoor CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Linux/Torte Downloading Binary
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Remote Shell M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Linux/Tsunami Remote Shell M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LNK/Agent.GX CnC Traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LockPOS CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC Checkin Dec 5 M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC Checkin HTTP Pattern
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC checkin Nov 21
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky CnC checkin Nov 21 M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Locky Intermediate Downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LogPOS Sending Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Cryptocurrency Wallet Exfiltration Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Fake 404 Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot File Exfiltration Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Keylogger Data Exfiltration Detected M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Keylogger Data Exfiltration Detected M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Request for C2 Commands Detected M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Request for C2 Commands Detected M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot Screenshot Exfiltration Detected
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LokiBot User-Agent (Charon/Inferno)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Loki Locker Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Loki Locker Ransomware Server Response (Public Key) M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Loki Locker Ransomware Server Response (Public Key) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Loki Locker Ransomware User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LolliCrypt Ransomware Sending Data to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE lolzilla JS/PHP WebSkimmer - Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lop_com or variant Checkin (9kgen_up)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lop.gfr/Swizzor HTTP Update/Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lop.gfr/Swizzor HTTP Update/Checkin (usually host-domain-lookup.com related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lost Door Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Request M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE lu0bot Loader HTTP Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LuckyCat/TROJ_WIMMIE Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lucky Ransomware Reporting Successful File Encryption
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Luder.B User-Agent (Mozilla/4.0 (SPGK)) - GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LumOffice Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil via Discord M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lunar Builder Exfil via Discord M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lurk Click fraud Template Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lurk Downloader Check-in
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lyceum Backdoor CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lyceum Backdoor CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lyceum Backdoor CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE LYCEUM MSIL/DanBot CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Lyposit Ransomware Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Lyposit Ransomware Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mac Flashback Checkin 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mac Flashback Checkin 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MacOS/UpdateAgent.A CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MacOS/UpdateAgent.A CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mac Trojan HTTP Checkin (accept-language violation)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mac User-Agent Typo INBOUND Likely Hostile
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MageCart CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MageCart CnC Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MageCart Exfil URI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MageCart JS Retrieval
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Magecart/Skimmer - AngryBeaver Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Magecart/Skimmer - _try_action Exfil Attempt
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MAGICHOUND.FETCH CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE MAGICHOUND.FETCH Retrieving Malicious PowerShell
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MAGICHOUND.RETRIEVER CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Magician/M461c14n Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MagikPOS CnC Beacon
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE MagikPOS Downloader Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MagikPOS Downloader Retrieving Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Magniber Ransomware Retrieving Instructions
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Activity Sending Windows User Info (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Activity Sending Windows User Info (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Activity (set)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Checkin Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Downloading from Dropbox via API
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Exfil (2019-12-12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc OneDrive Download Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Request for Payload (TA505 Related)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Requesting Payload 2020-04-21
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Retrieving Additional Resources (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Retrieving Binary (Likely Trickbot)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Retrieving Payload 2021-06-15
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Retrieving Payload 2021-07-06
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Retrieving Payload March 30 2017
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Retrieving Payload May 23 2017 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MalDoc Retrieving Possible Ostap Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Retrieving Remote Template (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Retrieving Remote Template (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Second Stage VBS Downloader with URL Padding
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maldoc Sending Windows System Information (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Chrome Extension Requesting Websocket
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Cobalt Strike SSL Cert (asurecloud .tech)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Cobalt Strike SSL Certificate (cloudflace-network .digital)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Dropper Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious JS.Nemucod to PS Dropping PE Nov 14 M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious lnk Downloader Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Mega Chrome Extension Exfil Domain (www .megaopac .host in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious Second Stage Payload Inbound 2021-02-19
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious SSL Certificate detected (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL certificate detected (FindPOS)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL certificate detected (OSX/Keydnap CnC)
ET MALWARE Malicious SSL Certificate detected (Patchwork CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL certificate detected (Possible Sinkhole)
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Certificate detected (PyXie)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious SSL Cert (Magecart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Malicious VBE Script (COVID-19 Phish 2020-04-03)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious VBS Downloader fake image zip
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious XLS DDE rar Drop Attempt (.live)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Malicious XLS DDE rar Drop Fake 404 Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mal/Ransom-CE Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MASSLOGGER Client Data Exfil (POST) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MassLogger Client Exfil (POST) M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Matanbuchus Loader CnC M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Matanbuchus Loader CnC M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Matanbuchus Loader CnC M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Matanbuchus Loader CnC M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Matanbuchus Loader Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Matiex Keylogger Exfil Via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Matryoshka CnC Beacon 1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Matsnu Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Maze/ID Ransomware Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mazilla Suspicious User-Agent Jan 15 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Medfos Connectivity Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Medfos/Midhos Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MedusaHTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MedusaHTTP Variant CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MedusaHTTP Variant CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Megalodon/Gomorrah/CosaNostra HTTP Bot CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MegalodonHTTP CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MegalodonHTTP CoinMiner Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE MegalodonHTTP/LuciferHTTP Client Action
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Megumin v2 Stealer User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mekotio HTTP Method (111SA)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mera Keylogger POSTing keystrokes
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Meredrop/Nusump Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mermaid Ransomware Variant CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mermaid Ransomware Variant CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mermaid Ransomware Variant CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mermaid Ransomware Variant CnC Activity M4
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Mespinoza Ransomware - Pre-Encryption File Exfil to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE METALJACK APT32 CnC Host Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mevade Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA CnC Domain Observed in SNI (samwinchester .club)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA HTTP Failover CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA HTTP Failover Reporting Infected System Information and RAT Version
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA HTTP Failover Response M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA HTTP Failover Response M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA Screenshot Upload M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA Screenshot Upload M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MICROPSIA Sending JPG Screenshot to CnC with .his Extension
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Midhos/Medfos downloader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MilkyBoy CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MilkyBoy CnC Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE CnC Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE CnC Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MINEBRIDGE/MINEDOOR CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Miniduke Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Miniduke variant C&C activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Miniduke Variant CnC Beacon via WebDAV
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Minirem
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirage Campaign checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mirai Variant User-Agent (Outbound)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast KiXtart Downloader Client Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast KiXtart Downloader Client Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MirrorBlast KiXtart Downloader Server Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Miuref/Boaxxe Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE ModPipe CnC Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Moist Stealer CnC Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MoneroPay Ransomware Payment Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Monsoon Tinytyphon CnC Beacon Exfiltrating Docs
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Monsoon Tinytyphon CnC Beacon GET
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE MontysThree HTTPTransport Module Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Moose CnC Request M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MosesStaff APT Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MRCR1 Ransomware Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MRCR1 Ransomware Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MS_D0wnl0ad3r Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MS_D0wnl0ad3r Screenshot Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.ATS CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.BIC Variant CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.DNL CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.DNL Server Response Task (whoami)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.TRM Checkin Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.TRM Data Exfil (sysinfo)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Agent.TRM Task Command
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Alcatrez Locker Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Almashreq CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Almashreq Executing New Processes
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL APT28 Zebrocy/Zekapab Reporting to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL APT28 Zebrocy/Zekapab Reporting to CnC M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Autorun.AD Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Azula Logger CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL.BackNet Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/BlackGuard Stealer Exfil Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/BlackGuard Stealer Variant Exfil via Telegram
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Bobik CnC Traffic
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/CoalaBot CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/CoderVir Stealer Zip Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/CoinMiner Performing System Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE MSIL/Document Stealer Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/EasyLocker Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Eredel Stealer CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/G1 Stealer/GravityRAT Requesting Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/G1 Stealer/GravityRAT Uploading File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/G2 Stealer/GravityRAT CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/GenKryptik.FQRH Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/GravityRAT CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/GX Stealer/GravityRAT Uploading File
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/HadesLocker Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Heracles Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Hidden-Tear Variant Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Injector.VVP Downloader Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Juliens Botnet CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Karmen Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/KeyRedirEx Banker Receiving Exit Instruction
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/KeyRedirEx Banker Receiving Redirect/Inject List
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/KeyRedirEx Banker Requesting Redirect/Inject List
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Khonsri Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL.Kraken.v2 HTTP Pattern
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL.L4L Stealer IP Check
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL.L4L Stealer Screenshot Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL.L4L Stealer Systeminfo Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Lordix Stealer Exfiltrating Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Matrix Ransomware CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Matrix Ransomware Sending Encrypted Filelist
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/Monitor.PCTattletale.A Checkin (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/n2019cov (COVID-19) Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/NewHT Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/NoCry Ransomware Checkin Via Discord
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/NR42 Bot Parsing Config From Webpage
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/PSW.Agent.QJK Stealer Data Exfil Via HTTP
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Runsome Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL/SamMiner CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/SamMiner CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/SkidRat CnC Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/SkidRat CnC Checkin M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/SkidRat CnC Checkin M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/SkidRat User-Agent Observed
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Small.FU Variant CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Small.FU Variant CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Small.FU Variant CnC Activity M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Spy.Banker.DH Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Spy.Keylogger.ENJ Variant CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/TrojanDownloader.Agent.JVN CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/TrojanDownloader.Agent.KUO CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/TrojanDownloader.Agent.KUO CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/TrojanDownloader.Small.CLJ CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSIL/Unk.HT-Based Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE MSIL.Zapchast Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MS Office Macro Dridex Download URI Jan 7 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSUpdater alt checkin to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSUpdater Connectivity Check to Google
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MSUpdater POST checkin to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater APT Related Activity (GET)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater APT Related Activity (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater APT Related Maldoc Checkin M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater APT Related Telegram Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload - CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload Registering with CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload Requesting Command from CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload Sending Command Output to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MuddyWater Payload Sending Screenshot to CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Murlo Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MUROFET/Licat Trojan
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mustang Panda/RedDelta Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mustang Panda/RedDelta Downloader Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Mutter Backdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MWI Maldoc Load Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MWI Maldoc Load Payload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MWI Maldoc Posting Host Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MWI Maldoc Stats Callout Aug 18 2015
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MWI Maldoc Stats Callout Oct 28
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MyKings Bootloader Variant Requesting Payload M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MyKings Bootloader Variant Requesting Payload M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MyKings Bootloader Variant Requesting Payload M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE MZRevenge Ransomware CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Naoinstalad Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nbar.co.kr Related Trojan Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nebuler/Dialer.qn HTTP Request - Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nemty Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Nemty Ransomware Payment Page ID File Upload
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Nemucod Downloading Payload 2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nemucod JS Downloader Aug 01 2017
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nemucod JS Downloader June 12 2017
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NetBackdoor Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NetBackdoor User-Agent (.net backdoor)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Netbounce Program Wrapper Download
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Netbounce Proxy Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Netbounce Proxy User-Agent (idk)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Netbounce Related Activity (Program Wrapper)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Netbounce User-Agent (Netbounce)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Neverquest Request URI Struct
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Neverquest/Vawtrak Posting Data
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NEWPASS CnC Client Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NewPosThings Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NewPosThings Data Exfiltration
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NewPosThings POST with Fake UA and Accept Header
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nexus Stealer CnC Data Exfil
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NightfallGT Discord Nitro Ransomware
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE NightfallGT Discord Token Grabber
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NightfallGT Mercurial Grabber
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nitlove POS CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nitro Stealer Exfil Activity (Response)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NOBELIUM - Cobalt Strike Malleable Profile M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE NOBELIUM - Cobalt Strike Malleable Profile M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NOBELIUM (TA421) EnvyScout Fingerprint Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NOBELIUM Win32/VaporRage Loader CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NORTHSTAR Client CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NORTHSTAR Client Data POST
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NORTHSTAR Command Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NORTHSTAR Command Sent to Client
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NORTHSTAR Interactive Client CnC
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Novaloader Stage 2 VBS Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NSIS/TrojanDownloader.Agent.NZK CnC Activity M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NSIS/TrojanDownloader.Agent.NZK CnC Activity M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NSO Group Pegasus Related Data Exfil (POST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NSO Group Pegasus Related Data Exfil (POST) M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NSO Group Pegasus Related Data Exfil (POST) M3
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE nspps Backdoor CnC Activity
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE nspps Backdoor - Sending SOCKS Details
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE nspps Backdoor - Task Response
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NS SSL Cert APT1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE NuggetPhantom Module Download Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nuke Ransomware Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Nymaim.BA CnC M1
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Nymaim.BA CnC M2
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Obitel Downloader Request
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AHK Downloader Request Structure
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed APT41 Malicious SSL Cert (ColunmTK Campaign)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed APT/SideWinder CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AridViper CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Awad Bot CnC Domain (hawad .000webhostapp .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed AZORult CnC Domain (miscrosoftworrd .000webhostapp .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (bigjamg .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (cntrhum .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (dghns .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (doldig .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (gut45bg .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (moig .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (numklo .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (sh78bug .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BazarLoader Domain (vighik .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Blackrota Domain (blackrato .ga in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BLINDINGCAN Domain (www .automercado .co .cr in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BLINDINGCAN Domain (www .sanlorenzoyacht .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BLINDINGCAN Domain (www .sanlorenzoyacht .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BLUELIGHT Payload Domain (storage .jquery .services in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed BOUNCEBEAM Backdoor CnC Domain (cloudflare .5156game .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Buer Loader CnC Domain (kkjjhhdff .site in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Buer Loader Domain (officewestunionbank .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Buran Ransomware UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Buran Ransomware UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Buran Ransomware UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Buran Ransomware UA
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Buran Ransomware UA (BURAN)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Buran Ransomware UA (GHOST)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Card Skimmer CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CDC Ransomware User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Certificate Containing Double Base64 Encoded Executable Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Certificate Containing Possible Base64 Encoded Powershell Inbound
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CloudAtlas APT Related Domain (checklicensekey .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Stike CnC Domain (nirsoft .me in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain (charity-wallet .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed CobaltStrike CnC Domain (defendersecyrity .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (defenderupdateav .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed Cobalt Strike CnC Domain (dimentos .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain (gmbfrom .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed Cobalt Strike CnC Domain (gojihu .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (Gojihu .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain in TLS SNI (cs .lg22l .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike CnC Domain (krinsop .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed Cobalt Strike CnC Domain (onlineworkercz .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (sazoya .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed Cobalt Strike CnC Domain (security-desk .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (securityupdateav .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed CobaltStrike CnC Domain (stg .pesrado .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (windowsupdatesc .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed Cobalt Strike CnC Domain (www .msfthelpdesk .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (yawero .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed Cobalt Strike CnC Domain (yuxicu .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike CnC Domain (Yuxicu .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Encrypted Channel - T1573
ET MALWARE Observed Cobalt Strike Domain (asureupdate .tech in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike Domain in TLS SNI (stackpatc-technologies .digital)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike Loader Domain (cybersecyrity .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike Related Domain (azurestat .app in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike Related Domain (cdnwin .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Observed Cobalt Strike Related Domain (croperdate .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Observed Cobalt Strike Related Domain (kaslose .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Observed Cobalt Strike Related Domain (world .healthamericacu .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobaltStrike/TEARDROP CnC Domain Domain in TLS SNI (mobilnweb .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cobalt Strike User-Agent
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobInt CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CobInt CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed CoinMiner CnC Domain (en24zuggh3ywlj .x .pipedream .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Observed CoinMiner CnC Domain (endpsbn1u6m8f .x .pipedream .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Observed CoinMiner CnC Domain (enoyq5xy70oq .x .pipedream .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Resource Hijacking - T1496
ET MALWARE Observed Compromised Domain (cryptoarenastore .com in TLS SNI) (2021-11-12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Cryptor Ransomware CnC Domain (e3kok4ekzalzapsf .onion .ws in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DangerousPassword APT Related Domain (cop .osonlines .co in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DangerousPassword APT Related Domain (datacentre .center in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DangerousPassword APT Related Domain (shopapppro .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DangerousPassword APT Related Domain (shopapptech .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DarkSide Ransomware CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DarkSide Ransomware Domain (baroquetees .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DarkSide Ransomware Domain (catsdegree .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DarkSide Ransomware Domain (rumahsia .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DarkSide Ransomware Domain (temisleyes .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed DCRat CnC Domain (dud-shotline .000webhostapp .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DCRat CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DecryptmyFiles Ransomware User-Agent (uniquesession)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Default CobaltStrike SSL Certificate
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed DonotGroup Maldoc Related Domain (digitalresolve .live in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Domain in TLS SNI (download-serv-234116 .xyz)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Domain in TLS SNI (get-europe-group .bar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Domain in TLS SNI (manholi .xyz)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Domain in TLS SNI (phonefix .bar)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Domain (phonefix .bar in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Evil Keitaro TDS Redirection Domain (fiberswatch .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Evrial Domain (cryptoclipper .ru in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Evrial Domain (projectevrial .ru in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed FIN12 Related Cobalt Strike Domain (netrie .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Exfiltration Over C2 Channel - T1041
ET MALWARE Observed FIN12 Related Domain (hdhuge .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed FIN7 CnC Domain (injuryless .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed FinSpy Domain (browserupdate .download in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Get2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Get2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GET Request to Jaff Domain (orhangazitur . com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GhostWriter APT Related Cobalt Strike Domain (ao3 .hmgo .pw in TLS SNI)
ET MALWARE Observed Glupteba CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Glupteba CnC Domain (venoxcontrol .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoBotKR Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoBotKR Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoBotKR Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoBotKR Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoBotKR Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (c .cloudappconfig .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (c .heheda .tk in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (d .cloudappconfig .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (dd .cloudappconfig .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (dd .heheda .tk in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (d .heheda .tk in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Godlua Backdoor Domain (helegedada .github .io in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed GoLang Dropper Domain (en7dftkjiipor .x .pipedream .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed HTTP Request to Known PUA Host Domain
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed HTTP Request to Known PUA Host Domain
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID CnC Domain (nothingtodo .co in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID Domain (80frontluzkher .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID Domain (bruzilovv .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID Domain (deactivate .best in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID Domain (deactivate .pw in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed IcedID Domain (ldrtoyota .casa in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed JS/Magecart Domain in TLS SNI (manag .icu)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed JS/Skimmer (likely Magecart) Domain in TLS SNI (imprintcenter .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed JSSLoader Domain (deprivationant .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed JSSLoader Variant Domain (legislationient .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Jupyter Stealer CnC Domain (blackl1vesmatter .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Jupyter Stealer CnC Domain (gogohid .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Jupyter Stealer CnC Domain (vincentolife .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Karen Ransomware CnC Checkin
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Karen Ransomware Domain (karen .h07 .wlh .io in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Karen Ransomware Powershell Loader
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Koadic Header Structure
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Lazarus APT Related Domain (designautocad .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Lazarus Maldoc CnC Domain (shopweblive .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Lazarus Related Domain (docs .gsheetpage .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Lazarus Related Domain (share .bloomcloud .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Lunar Builder Domain (lunarbuilder .000webhostapp .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart CnC Domain (mcdnn .me in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart CnC Domain (mcdnn .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Domain (webscriptly .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Exfil Domain (imags .pw in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart Group 12 Domain (pathc .space in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart Group 12 Domain (toolser .pw in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MageCart Group 12 Domain (zolo .pw in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (analiticsweb .site in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (cloudflare-cdnjs .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (googie-analitycs .site in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (googie-analytics .online in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (googie-analytics .website in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (googletagsmanager .website in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart Skimmer Domain (static-zdassets .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Magecart/Skimmer - _try_action CnC Domain (cdn-frontend .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Maldoc CnC Domain (cloud-documents .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Maldoc Domain (travelcrimea .info in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Cobalt Strike SSL Cert (cdnengine .biz)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Cobalt Strike SSL Cert (setupfastonline .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Domain Targeting Minority Groups Domain (unohcr .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Domain Targeting Minority Groups (officemodel .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Domain Targeting Minority Groups (tcahf .org in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious Filename in Outbound POST Request (Browsers/Cookies/Microsoft Edge_)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious FIN12 Related SSL Cert
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious FIN12 Related SSL Cert (serviceswork .net)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (ACBackdoor CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ACBackdoor CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AgentTesla CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AnubisStealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AnubisStealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT29)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT32 JEShell CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT34 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (APT MustangPanda CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
ET MALWARE Observed Malicious SSL Cert (AZORult CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC) 2019-11-18
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult Cnc Server) 2019-09-27
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-09-30
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-01
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-02
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-07
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) in SNI 2019-09-27
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Bancos Variant CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BazaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BazaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BitRAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Blackrota)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (chMiner/RAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Group/More_Eggs CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Obfuscation - T1001
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike Malleable C2 Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CobInt CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CONFUCIOUS_B CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CopperStealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CopperStealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CoreBot C2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CoreDn/BLINDINGCAN Activity)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (CryptoMimic Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (CryptoMimic Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (DeadlyKiss APT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Donot Group/APT-C-35 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup FireStarter CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup FireStarter CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup FireStarter CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup FireStarter CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup/Patchwork CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (DonotGroup Stage 2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ElegyRAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ELF/Rekoobe CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fake Gmail Self Signed - Possible Cobalt Stirke)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (FIN7/GRIFFON CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (FIN7/JSSLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (FIN8 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (FIN8 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (FIN8 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (FIN8 ShellTea CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (FIN8 ShellTea CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (FIN8 Staging CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gelsemium CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gozi CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gozi CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (GRIFFON CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (IcedID CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (JS/Ostap CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (jssLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (JS WebSkimmer Exfil Site)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Klingon RAT)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (Lazarus APT MalDoc 2020-11-30)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Lazarus APT MalDoc DL 2020-05-05)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (LazarusGroup CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Exfil)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Exfil Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Exfil Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 11 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 11 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 1/2 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 1/2 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 3 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 3 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Group 5 Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Magecart/Skimmer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MageCart Staging Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc 2020-03-09)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-09-17 1)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL) 2019-10-24
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-11-15)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21 2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21 3)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-05-27)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-06-18)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-07-29)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Malicious Browser Ext CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Malicious Browser Ext CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MassLogger)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Meterpreter Paranoid Mode CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MICROPSIA CnC Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Mirrortheif group)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MirrorThief CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MirrorThief CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Moist Stealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MonetizUs/LNKR)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MonetizUs/LNKR)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (More_eggs CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MosaicRegressor WinHTTP Downloader)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (MSIL/Agent.TRM CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (NHS UK Covid Passport Phish)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OceanLotus APT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OilRig QUADAGENT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OSX/AppleJeus Variant CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OSX/Nukesped CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OSX/Nukesped CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OSX/Nukesped CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (OZH Rat)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Panda Banker C2)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Panda Banker Injects)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (PhantomNet/Smanager CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (PHPs Labyrinth Stage1 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Possible APT33 CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Possible Godlua CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (POWERRATANKBA CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (POWERSTATS Proxy CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (POWERSTATS Proxy CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Python RAT (Aurora Campaign))
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (RampantKitten CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (RampantKitten CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ReactGet Group)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (SedUploader)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ServHelper RAT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (ShadowHammer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (SideWinder APT CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Silver Implant)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Strongpity CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (TaurusStealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (TinyNuke Variant CnC) 2020-02-09
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Turla/APT34 CnC Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Turla CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Upatre CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif Inject Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Ursnif Injects)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Various CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Various CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Various CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (W32/TrojanDownloader.Agent.FBF Variant CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (WastedLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (WastedLoader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Win32/Gadwats Banker CnC Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Win32/Gadwats Banker CnC Domain)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Win32/SandCat CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Win32/Unk Downloader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Zepakab CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Zeromax Stealer CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL Cert (Zloader CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Develop Capabilities - T1587
ET MALWARE Observed Malicious SSL/TLS Certificate (IcedID CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL/TLS Certificate (IcedID CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL/TLS Certificate (Jasper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious SSL/TLS Certificate (Jasper CnC)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malicious UA (Skuxray)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malsmoke Staging Domain in SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malware Delivery Domain (analyticsnet .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Malware Delivery Landing Page Domain (bigeront .top in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MassLogger Domain in TLS SNI (ecigroup-tw .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MAZE Ransomware CnC Domain (checksoffice .me in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed MAZE Ransomware CnC Domain (plaintsotherest .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed MAZE Ransomware CnC Domain (thesawmeinrew .net in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed MongoLock Variant CnC Domain (s .rapid7 .xyz in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MSIL/Heracles Variant CnC Domain (stainless .fun in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed MSIL/n2019cov (COVID-19) Ransomware CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed Nemty Ransomware Payment Page
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
MITRE ATT&CK Techniques
- Data Encrypted for Impact - T1486
ET MALWARE Observed OSX/GMERA.A CnC Domain (appstockfolio .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed OSX/NukeSped Variant CnC Domain (fudcitydelivers .com) in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed OSX/NukeSped Variant CnC Domain (sctemarkets .com) in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed OSX/Silver Sparrow Download Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed OSX/Silver Sparrow Download Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed OSX/WizardUpdate Domain in TLS SNI ( .dlvplayer .com)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Pegasus Domain (api1r3f4 .redirectweburl .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed Pegasus Domain (hooklevel .com in TLS SNI)
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
Description
This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.
Recommendation
Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.