Suspicious Network Activity - IDS

ET HUNTING Suspicious EXE Download Content-Type image/jpeg

These detections identify suspicious activity from network sessions evaluated by Insight Network Sensor.

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Adobe PKG Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO ARM File Requested via WGET (set)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Flowbit set for POST to Quicken Updater

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO GET Minimal HTTP Headers Flowbit Set

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO maas.io Image Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO McAfee AV Download (set)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO McAfee AV Download - Set

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (exe) unset (no exe)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (msi) unset (no exe)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (msp) unset (no exe)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (no .exe)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request to Dotted Quad

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible WinHttpRequest (no .exe)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Symantec Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO User-Agent (wininet)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Windows Update/Microsoft FP Flowbit

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO ZoneAlarm Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (bigtopweb .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (infinitysoftwares .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (bigtopweb .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (infinitysoftwares .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [401TRG] PS/PowDesk Checkin (APT34)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE 44Calibar Variant Exfil via Telegram

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE 44 Caliber Stealer Data Exfil via Discord

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Exfil

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (bigudp)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (dns)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (stop)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (syn)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Likely Shylock/URLzone/Gootkit/Zeus Panda C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
ET MALWARE Agent.BAAB Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AgentTesla Communicating with CnC Server

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AgentTesla PWS HTTP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK/BKDR_HTV.ZKGD-A CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK.CREDSTEALER.A CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK.CREDSTEALER.A CnC Exfil

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK.CREDSTEALER.A MalDoc Retrieving Payload

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alfa/Alpha Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Alina Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alina Server Response Code

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alina User-Agent(Alina)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alman Dropper Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AlphaCrypt CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt CnC Beacon 5

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt CnC Beacon 6

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE AlphaCrypt Connectivity Check 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Alureon Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Amadey CnC Check-In

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Amadey Stealer CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Amadey Stealer CnC - BotKiller Module Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Android/AhMyth RAT Init Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Android/AhMyth RAT WebSocket Session

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Android/FakeKakao checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Checkin Dec 29 2014

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Check-in Response

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Downloading Module

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AntiVirus exe Download Likely FakeAV Install

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AntSword Webshell User-Agent Observed

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AnubisNetworks Sinkhole HTTP Response - 195.22.26.192/26

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Anuna PHP Backdoor Attempt

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Anuna PHP Backdoor Sucessful Exploit

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ApolloLocker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE ApolloLocker Ransomware CnC Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE AppleJeus - JMT Trading CnC Activity (OSX Variant)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AppleJeus - JMT Trading CnC Activity (Windows Variant)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AppleJeus - Kupay Wallet CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AppleJeus - Union Crypto CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT15/NICKEL KETRUM CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT15/NICKEL Related CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28 SEDNIT Variant CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 SEDNIT Variant CnC Beacon 4

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT28/SkinnyBoy Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/SkinnyBoy Payload Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Go Variant Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Go Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Go Variant Downloader Error POST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Secondary Payload CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28 Uploader Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT28 Uploader Variant Fake Request to Google

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28 Zebrocy/Zekapab Reporting to CnC M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29 Cache_DLL SSL Cert

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29 Implant8 - Evil Twitter Callback

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29 Implant8 - MAL_REFERER

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29/Wellness CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif POSTing Log Message to CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif Requesting Command from CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif Submitting Output of Command to CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT33/CharmingKitten Encrypted Payload Inbound

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT33/CharmingKitten Retrieving New Payload (flowbit set)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT34 TONEDEAF 2.0 Requesting Commands from CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT34 TONEDEAF 2.0 Uploading to CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT39/Chafer Payload - CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT39/Chafer Payload - CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT.Agtid callback

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Backspace CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT/Bitter Maldoc Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT-C-23 Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT-C-23 Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Cheshire Cat CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT CozyCar SSL Cert 2

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 5

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 6

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 7

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 8

Description

Recommendation

ET MALWARE APT/Donot Group Checkin Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT/FamousSparrow Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT.Fwits CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT.Fwits CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT Hellsing Proxy Checker Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Lazarus Nukesped Downloader

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT LuckyMouse Polpo Malware CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT LuckyMouse Polpo Malware CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT LuckyMouse Polpo Malware CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Lurker POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT Mustang Panda Payload - CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT_NGO_wuaclt

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT_NGO_wuaclt C2 Check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Operation Sidecopy lnk Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT OSX.XSLCmd CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE APT/TransparentTribe CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT/TransparentTribe Style Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arbitrium-RAT CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arbitrium-RAT Observed User-Agent (JustKidding)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArcDoor Intial Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArcDoor User-Agent (ALIZER)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ares Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Advtravel Campaign GET Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Checkin 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Checking filename

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Exfiltrating files

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT File information

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Possible User-Agent (SK)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Possible User-Agent (Skype)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Possible User-Agent (Skypee)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Transmitting Date

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Transmitting Serial

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AridViper CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arkei Stealer Config Download Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arkei Stealer IP Lookup

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ARM Binary Requested via WGET to Known IoT Malware Domain

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArrobarLoader CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArtraDownloader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArtraDownloader/TeleRAT Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ASNAROK Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Asprox Data Post to C&C

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Asprox Form Submission to C&C

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Asterope Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AstroBot CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Athena DDoS Bot Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Atya Dropper Possible Rootkit - HTTP GET

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aura Ransomware User-Agent

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Aurora/OneKeyLocker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Aurora Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE AutoHotkey Downloader Checkin via IPLogger

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AutoHotKey offthewall Downloader Requesting Payload

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aveo C2 Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aveo C2 Response

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aveo Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Avzhan DDoS Bot User-Agent MyIE

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.2 Server Response M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.2 Server Response M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.2 Server Response M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.3 Server Response M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.3 Server Response M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.3 Server Response M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult Variant.4 Checkin M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Babar POST Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Babax Stealer Exfil via Telegram

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BabyShark CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BACKCONFIG CnC Downloader Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Darpapox/Jaku Initial C2 Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Egobot Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Elise CnC Beacon 1 M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 2 M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 3 M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise CnC Beacon 3 M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Backdoor.Elise Style IP Check

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Elise Style IP Check M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Esion CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Graybird Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Irc.MFV User Agent Detected (IRC-U)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor Lanfiltrator Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Meciv Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.TurlaCarbon.A C2 HTTP Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Agent.bjjv Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Agent.myttae User-Agent

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Aldibot.A Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Aldibot.A User-Agent (Aldi Bot)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Etumbot.B Requesting RC4 Key

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Ixeshe

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Likseput.A Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Momibot Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Momibot Ping Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/PcClient.AA Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.PEx.942728546 Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Pushdo.s Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Pushdo.s Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.RShot HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Sykipot Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Sykipot Get Config Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Sykipot Put

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Trup.CX Checkin 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Xtrat Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backoff POS Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BackSwap Trojan C2 Domain Observed (debasuin .nl in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BadPatch CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BadRabbit Ransomware Activity Via WebDAV (cscc)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE BadRabbit Ransomware Activity Via WebDAV (infpub)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Baldr Stealer Checkin M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BalkanDoor CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BalkanDoor CnC Checkin - Server Response

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital Connectivity Check

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital Headers - Likely CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Bancos/Banker Info Stealer Post

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BandarChor/CryptON Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE BandarChor Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Banker.anv Generally Suspicious User-Agent (CustomExchangeBrowser)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker/Banbra Related HTTP Post-infection Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker/Banbra Variant POST via x-www-form-urlencoded

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (hhh)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (Ms)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (Mz)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (MzApp)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (WINDOWS_LOADS)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker PWS/Infostealer HTTP GET Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker Trojan (General) HTTP Checkin (vit)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload HTTP Checkin Detected (envia.php)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload POST Checkin (dados)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload User-Agent Detected (ExampleDL)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BazaBackdoor Variant CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BazaLoader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BazaLoader CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bazaloader Variant Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bazaloader Variant Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BBSRAT GET request CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BBSRAT POST request CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bebloh connectivity check

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bedep Connectivity Check M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bedep Connectivity Check M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bedep HTTP POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE BePush/Kilim CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE BePush/Kilim payload retrieval

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BestAntivirus2011 Fake AV reporting

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Betabot Checkin 5

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BF Botnet CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bifrose/Cycbot Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bifrose/Cycbot Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BigLock Ransomware CnC Activity (id)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE BIOPASS RAT Go Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BIOPASS RAT Python Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bitcoin variant Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bitter APT Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BITTERBUG Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bitter RAT HTTP CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Bitter RAT HTTP CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving New Malware From Server

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving Server IP Addresses

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Server Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BKDR_SLOTH.A Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackbeard Check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackenergy Bot Checkin to C&C

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackenergy Bot Checkin to C&C (2)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy POST Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy v2 POST Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy v2.x HTTP Request with Encrypted Variables

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy v2.x Plugin Download Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackMatter CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackmoon/Banbra Configuration Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackmoon/Banbra Configuration Request M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackshadesRAT Reporting

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackTech Plead Encrypted Payload Inbound

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blaze/Supreme Bot Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blaze/Supreme Bot Activity M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BleachGap Ransomware Checkin (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Blue Bot DDoS Blog Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blue Bot DDoS Logger Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blue Bot DDoS Proxy Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blue Bot DDoS Target Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bolek HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Book of Eli CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bookworm CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Bookworm CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Bossabot DDoS tool RFI attempt

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bot Backdoor Checkin/registration Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BOUNCEBEAM Backdoor CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Bravix Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brazilian Banker SSL Cert

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bredolab CnC URL Detected

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bredolab Downloader Communicating With Controller (1)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BroBot POST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brontok/Joseray User-Agent Detected (Joseray.A3 Browser)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brontok User-Agent Detected (Brontok.A3 Browser)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brontok User-Agent Detected (Rivest)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BrushaLoader CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer - DomainInfo User-Agent

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Download Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Successful Payload Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Update Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Update Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BUILDINGCAN CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buran Ransomware Activity M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Buran Ransomware Activity M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE BYOB - Python Backdoor Loader Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BYOB - Python Backdoor Stager Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE C3Pool CoinMiner Setup Script Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496
ET MALWARE Campo Loader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Capfire4 Checkin (register machine)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE carberp check in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Carberp checkin task

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Carberp CnC request POST /set/task.html

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Carberp file download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Casbaneiro CnC Host Checkin M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cashout Proxy Bot reg_DST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cayosin Botnet User-Agent Observed M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cayosin Botnet User-Agent Observed M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CBeplay Downloading Design

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CBReplay Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CBReplay.P Ransomware

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE CenterPOS CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CenterPOS Delete Plugins

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CenterPOS Load Plugins

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CerberTear Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE ChaChi RAT Client CnC (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ChaChi RAT Client CnC (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ChaChi RAT Server Response

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chafer Win32/TREKX Uploading to CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chafer Win32/TREKX Uploading to CnC (Modified CAB)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ChaseBot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (command)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (file)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (hello)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (result)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chthonic Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chthonic Check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chthonic CnC Beacon 5

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Chthonic CnC Beacon 6

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Citadel Activity POST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Citadel Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cknife Shell Command Struct Inbound (aspx)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cknife Shell Command Struct Inbound (PHP)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Click Fraud Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ClipBanker Variant Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Clipsa Stealer - CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Clipsa Stealer - Coinminer Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496
ET MALWARE Clipsa Stealer - Exfiltration Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CloudAtlas APT Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cloud Atlas CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE CNRarypt Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Cobalt Group SSL Certificate Detected

Description

Recommendation

ET MALWARE Cobalt Strike Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt STrike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Beacon Activity (UNC2447)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (UNC2447)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Amazon Profile) M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Bing Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (Custom Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Beacon Observed

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon Observed (MASB UA)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike Beacon (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Cobalt Strike C2 Profile (news_indexedimages)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Exfiltration

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 (Adobe RTMP)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (JPEG)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (PNG)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (RIFF)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 (Custom)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Custom)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Custom Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Havex APT)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M5

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (jquery Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Magnitude EK)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Meterpreter)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Microsoft Update GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (MSDN Query Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 OCSP Profile

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (OneDrive)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (bg)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (btn_bg)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (extension.css)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (QiHoo Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) GET

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) POST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (TrevorForget Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 Webbug Profile

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Malleable C2 (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cobalt Strike Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001
ET MALWARE Cohhoc RAT CnC Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CoinVault CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE CoinVault CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE CoinVault POST M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CollectorStealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Comfoo Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Comfoo Outbound Communication

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CommentCrew downloader without user-agent string exe download without User Agent

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CommentCrew Possible APT backdoor download logo.png

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Access Count Tracking URL

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Count Tracking URL

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Count Tracking URL (partner)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL (farfly checkin)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL (pid - mac)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL (wmid - ucid)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Trojan HTTP GET Logging

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Upatre Header Structure 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Upatre Header Structure 3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Upatre URI/Headers Struct

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Zbot EXE filename Dec 09 2013

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE COMRAT CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ConstructorWin32/Agent.V

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE contacy.info Trojan Checkin (User agent clk_jdfhid)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cookies/Cookiebag Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Module Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Module Download 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Requesting Module

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CoreDn CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CoreDn CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Covenant Framework HTTP Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE CozyCar CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE CozyCar V2 CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE CozyDuke APT HTTP GET CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE CozyDuke APT HTTP POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Criptobit/Mobef Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE CROSSWALK CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M5

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cryptojoker Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cryptolocker Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoLocker EXE Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoLuck / YafunnLocker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE CryptoPatronum Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE CryptoShield Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Cryptowall 2.0 DL URI Struct Oct 2 2014

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoWall Check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoWall Check-in M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoWall CryptoWall 3.0 Check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Curso Banker Downloading Modules

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CyberGate RAT Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CyberGate RAT User-Agent (USER_CHECK)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cyborg Ransomware - Downloading Desktop Background

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Cycbot POST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE D1onis Stealer Sending Data to CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DADJOKE/Rail Tycoon Initial Macro Execution

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DADJOKE/Rail Tycoon Payload Execution

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DADJOKE/Rail Tycoon Payload Extraction

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Daemonize.ft HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dalexis CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Dalexis Downloading EXE

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Danabot Associated Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Danabot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Danabot UA Observed

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DarkGate CNC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DarkGate CnC Requesting Data Exfiltration from Bot

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (globalnetworkissues .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (kubecloud .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (lcomputers .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (seobundlekit .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (solartrackingsystem .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (webcodez .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (globalnetworkissues .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (kubecloud .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (lcomputers .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (seobundlekit .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (solartrackingsystem .net)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (webcodez .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DarkHotel Downloader CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Downloader CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Initial Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE DarkHotel Payload Uploading to CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Darkness DDoS Bot Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Databack CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DATA-BROKER BOT Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Datoploader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Datoploader Activity M2 (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRAT Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity M11

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity M12

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity M13

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat Initial CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ddex Loader Check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDG Botnet CnC Job Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDG Botnet CnC Slave POST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDG Botnet Miner Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDoS.XOR Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDoS.XOR Checkin 3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDoS.XOR Checkin via HTTP

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DeathStalker/Janicab CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DeathStalker/Powersing CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DecebalPOS User-Agent

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DecryptmyFiles Ransomware CnC (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE DEEP PANDA Checkin 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DEEP PANDA Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DEEP PANDA Checkin 3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Delf Checkin via HTTP (5)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Delphi Trojan Downloader User-Agent (JEDI-VCL)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dialer-715 Install Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dialer.MC(vf) HTTP Request - Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dialer.Trojan Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DiamondFox HTTP Post CnC Checkin M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Ext Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Ignore Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Key Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Landing Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Priority Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Register M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Register M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Services Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Wipe Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DirectsX CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DirtJumper Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DistTrack/Shamoon CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE DistTrack/Shamoon CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE DLoader File Download Request Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DMSpammer HTTP Post Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSpionage Commands Embedded in Webpage Inbound

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSpionage Requesting Config

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (1)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (2)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Domen SocEng Redirect - Landing Page Observed

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonBot Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Donkeyp2p Update Detected

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Donot (APT-C-35) Stage 1 Requesting Main Payload

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Donot (APT-C-35) Stage 1 Requesting Persistence Setup File

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Pult Downloader Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Template Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dooptroop CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Dooptroop Dropper Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dorkbot GeoIP Lookup to wipmania

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dorkbot Loader Payload Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dosenjo/Kvadr Proxy Trojan Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downadup/Conficker A or B Worm reporting

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downeks Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downeks Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Downloaded .bat Disables Real Time Monitoring

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloaded .bat Disables Windows Defender

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloaded Script Disables Firewall/Antivirus

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader-5265/Torpig/Anserin/Sinowal Unique UA (MSID)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Banload2.KZU Checkin 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Banload2.KZU Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DownloaderExchanger/Cbeplay Variant Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader General Bot Checking In via HTTP Post (bot_id push)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader (P2P Zeus dropper UA)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Adload (KaiXin Payload) Config Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Banload Reporting

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Geral Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader Win32.Small.agoy Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Small CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Dridex Base64 Executable

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex/Bugat/Feodo GET Checkin

Description

Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.

Recommendation

Bugat writes an executable file to disk in the user's Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.

Examples: C:\Users\Application Data\kb208351.exe C:\Users\Application Data\3a83cd09.exe

Bugat will create a registry Run key that will start an executable upon login.

When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.

ET MALWARE Dridex/Bugat/Feodo POST Checkin

Description

Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.

Recommendation

Bugat writes an executable file to disk in the user's Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.

Examples: C:\Users\Application Data\kb208351.exe C:\Users\Application Data\3a83cd09.exe

Bugat will create a registry Run key that will start an executable upon login.

When performing investigations, executable files matching the location and naming convention, and any suspicious registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run should be checked, validated, and removed.

ET MALWARE Dridex CnC Request - Spam/Worm Component

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex CnC Request - Spam/Worm Component

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex DL Pattern Feb 18 2016

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex POST Checkin

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex Post Check-in Activity

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex POST Retrieving Second Stage

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex v2 POST Checkin

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset's browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Driveby Exploit Attempt Often to Install Monkif

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Driveby Loader Request List.php

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Drop.Agent.bfsv HTTP Activity (UsER-AgENt)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Binary Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Binary Request M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Domain (ahgwqrq .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Encoded Binary - Server Response

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dumador Reporting User Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DustySky CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Dyre CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Checkin 3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Ex-filtrating Data

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Fake Server Header

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Done

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Started

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Echelon/DarkStealer Variant CnC Exfil

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Echelon/DarkStealer Variant CnC Exfil M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Echelon/Mist Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ElectroRAT CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/AbcBot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/AbcBot Requesting Commands from CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF_BASHLITE.SMB Dropping Files

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Chacha.DDoS/Xor.DDoS Stage 2 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/DarkNexus User-Agent

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Kinsing Payload Request M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Kinsing Payload Request M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/LiLocked Ransom Note in HTTP Response

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/MachO.Netwire Connectivity Check

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mayhem Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Miner Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Miner Loader Activity M1 (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Miner Loader Activity M2 (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai User-Agent Observed (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Cakle)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Damien)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Hentai)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (lessie)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (muhstik)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Rift)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Shaolin)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Solar)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Tsunami)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Yakuza)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Yowai)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Cakle)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Damien)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Hentai)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (lessie)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (muhstik)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Ouija_x.86)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (ph0ne)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Rift)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Shaolin)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Solar)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Tsunami)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Yakuza)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Yowai)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/muBoT User-Agent (I'm a mu mu mu ?)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Muhstik Attempting to Download Payload

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Muhstik Bot Reporting Vulnerable Server to CnC

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Muhstik Scanner Module Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/RedXOR CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/RedXOR CnC Response

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/TooEasy Miner CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Win32 Lucky Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE ELF/Win32 Lucky Ransomware Encryption Process Started

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE EMAIL SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet Certificate Observed M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Emotet CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Emotet Post Drop C2 Comms M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet v2 Exfiltrating Outlook information

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet Wifi Bruter Module Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Enfal CnC GET

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Enfal CnC POST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Enigma Locker Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [eSentire] Cobalt Strike Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE [eSentire] VBS Retrieving Malicious Payload

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE ESPecter Bootkit Initialization Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ETag HTTP Header Observed at CNCERT Sinkhole

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EtumBot Ping

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EtumBot Registration Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EUPUDS.A Requests for Boleto replacement

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evil Google Drive Download

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evil Monero Cryptocurrency Miner Request Pools

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evilnum Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Checkin Response

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Client Data Exfil

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Client Data Exfil

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Client Data Exfil

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EVILNUM CnC Connectivity Check

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Error Report

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EVILNUM CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EVILNUM CnC Response

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evil PDF Retrieving Emotet Payload

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evrial Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evrial Stealer CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evrial Stealer Retrieving CnC Information

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Executable Download Purporting to be JavaScript likely 2nd stage Infection

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EXE Download When Server Claims To Send Audio File - Must Be Win32

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Exorcist 2.0 Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE FaceBook IM & Web Driven Facebook Trojan Posting Data

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKBEN Ransomware

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE FAKE AOL SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Check-in purporting to be MSIE with invalid terse HTTP headers

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAvCn-A Checkin 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAvCn-A Checkin 3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV.dfze/FakeAV!IK Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake AV Downloader.Onestage/FakeAlert.ZR User-Agent (AV1)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV.EGZ Checkin 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV.EGZ Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV FakeSmoke HTTP POST check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake AV GET

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKE AV HTTP CnC Post

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Install

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Landing Page

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Landing Page (aid sid)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV oms.php Data Post

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV security_scanner.exe

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV User-Agent XML

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE FakeAV Win32/Antivirus2008 CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Faked Russian Opera UA without Accept - probable downloader

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Google Chrome Notifications Installer

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake IBM SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKEIE Minimal Headers (flowbit set)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKE/ROGUE AV/Security Application Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake/Short Google Search Appliance UA Win32/Ranbyus and Others

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Software Download Redirect Leading to Malware M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Software Download Redirect Leading to Malware M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Software Download Redirect Leading to Malware M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Variation of Mozilla 4.0 - Likely Trojan

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Virtually SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake Windows Scam ScreenLocker

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKE YAHOO SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fareit/Pony Downloader Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fareit/Pony Downloader Checkin 3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Farfli HTTP Checkin Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fasec/FakeAV Alert/Keylogger/Dropper/DNSChanger Possible Rootkit - HTTP GET

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Initial Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS RAM Scraper Sending Details

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Reporting Error Code

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Sending Keystrokes

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Sending Status Logs

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Software Update Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Successful Software Update Request

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FastPOS Version Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FBot Downloader Generic GET for ARM Payload

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Felismus CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Felismus CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE FF-RAT Stage 1 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FighterPOS CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE FighterPOS CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Fileless infection dropped by EK CnC Beacon

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE Filename explorer.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Filename hkcmd.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Filename server.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Filename svchost.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FIN6 StealerOne CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FIN7 JSSLoader Activity (GET)

Description

Recommendation

ET MALWARE FIN7 JSSLoader Activity (POST)

Description

Recommendation

ET MALWARE FIN7 JSSLoader Variant Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FIN7 JSSLoader Variant Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FIN7 JSSLoader Variant Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FindPOS Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.BEACON M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (databasegalore .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (incomeupdate .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (panhardware .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (zupertech .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to avsvmcloud .com

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to deftsecurity .com

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to digitalcollege .org

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to freescanonline .com

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to thedoccloud .com

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to virtualdataserver .com

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M4

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (avsvmcloud .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (deftsecurity .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (digitalcollege .org)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (freescanonline .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (highdatabase .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (thedoccloud .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (virtualdataserver .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (websitetheme .com)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (databasegalore .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (deftsecurity .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (freescanonline .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (highdatabase .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (incomeudpate .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (panhardware .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (thedoccloud .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (websitetheme .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (zupertech .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] PULSECHECK Webshell Access Outbound

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FlashBack Mac OSX malware Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FoggyWeb Backdoor Incoming Request (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FoggyWeb Backdoor Incoming Request (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Formbook 0.3 Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FormBook CnC Checkin (POST) M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FortDisco Reporting Status

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M3

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M4

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FOX-SRT ShimRat check-in (Data)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FOX-SRT ShimRat check-in (Yuok)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FOX-SRT ShimRatReporter check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRAT Downloader Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRAT Downloader Error Report POST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRat WebSocket Request M1

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRat WebSockets Request M2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FraudLoad.aww HTTP CnC Post

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fraudload/FakeAlert/FakeVimes Downloader - POST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FrauDrop Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FrauDrop UA LETITGO

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FrauDrop UA single

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fruspam polling for IP likely infected

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FTCode Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FTCode Stealer Init Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fullz House Credit Card Skimmer Data Exfil

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fullz House Credit Card Skimmer JavaScript Inbound

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gaboc Trojan Check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Galock Ransomware Check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486
ET MALWARE Gamania Trojan Check-in

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Maldoc Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon/Armageddon Activity (Retrieving Remote .dot)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon/Armageddon CnC Activity (Sending Windows System Information)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon File Stealer POST

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon MalDoc CnC Exfil

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Style MalDoc .dot Download on freedynamicdns .org

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamarue/Andromeda Downloading Payload

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gameredon Loader Activity

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamut Spambot Checkin

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamut Spambot Checkin 2

Description

This detection identifies malware-related activity using Rapid7's Insight Network Sensor. Malicious actors often use malware in o