onion domain () (les)Ģ020882 - ET TROJAN Win32/Teslacrypt Ransomware. onion domain () (les)Ģ020869 - ET TROJAN Win32/Teslacrypt Ransomware. org) (les)Ģ019714 - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile (current_les)Ģ019876 - ET SCAN SSH BruteForce Tool with fake PUTTY version (les)Ģ020475 - ET POLICY Metasploit Framework Checking For Update (les)Ģ020716 - ET POLICY Possible External IP Lookup ipinfo.io (les)Ģ020844 - ET TROJAN Win32/Teslacrypt Ransomware. org in DNS lookup) (les)Ģ017928 - ET POLICY IP lookup/Tor Usage check over TLS with SNI (les)Ģ017933 - ET POLICY TraceMyIP IP lookup (les)Ģ018359 - ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 2 (les)Ģ018766 - ET TROJAN DNS Query to Pseudo Random Domain for Web Malware (.mynumber. (les)Ģ017398 - ET POLICY Internal Host Retrieving External IP via - Possible Infection (les)Ģ017926 - ET POLICY External IP Lookup / Tor Checker Domain (check.torproject. (les)Ģ016871 - ET POLICY Unsupported/Fake Internet Explorer Version MSIE 4. asp Filename Extension Parsing File Upload Security Bypass Attempt (asp) (web_les)Ģ010677 - ET MALWARE Suspicious User-Agent (My Session) (les)Ģ011037 - ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION (web_les)Ģ011141 - ET WEB_SERVER PHP Easteregg Information-Disclosure (phpinfo) (web_les)Ģ011161 - ET WEB_SPECIFIC_APPS HotNews 3 incdir Parameter Remote File Inclusion Attempt (web_specific_les)Ģ011341 - ET TROJAN Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection (les)Ģ011719 - ET POLICY Win32/Sogou User-Agent (SOGOU_UPDATER) (les)Ģ012810 - ET POLICY HTTP Request to a *.tk domain (les)Ģ012870 - ET POLICY HTTP Outbound Request contains pw (les)Ģ013256 - ET POLICY Majestic12 User-Agent Request Outbound (les)Ģ013290 - ET POLICY MOBILE Apple device leaking UDID from SpringBoard via GET (les)Ģ013508 - ET USER_AGENTS Downloader User-Agent HTTPGET (user_les)Ģ013535 - ET INFO HTTP Request to a *.tc domain (les)Ģ014473 - ET INFO JAVA - Java Archive Download By Vulnerable Client (les)Ģ014799 - ET POLICY OpenVPN Update Check (les)Ģ016870 - ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5.
casa in DNS Lookup) (les)Ģ828734 - ETPRO TROJAN Powerstats C2 (les)Ģ828735 - ETPRO TROJAN Sidewinder.A C2 (les)Ģ828736 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline ( 1) (les)Ģ828737 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline ( 2) (les)Ģ828738 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline ( 3) (les)Ģ828739 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline ( 3) (les)Ģ828740 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline ( 4) (les)Ģ828741 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (dnJreGtpYmRueHg5OTl0aXo6ODduMnl6M2h1d2hlbmpnaHl3Zmdsa2w=) (les)Ģ828742 - ETPRO MOBILE_MALWARE Checkin 248 (mobile_les)Ģ828743 - ETPRO TROJAN Malicious VBScript Inbound (les)Ģ828744 - ETPRO TROJAN Sigma Ransomware Decryptor/Payment Domain (6uhryhsrr577vykz in DNS Lookup) (les)Ģ828745 - ETPRO TROJAN Sigma Ransomware Decryptor/Payment Domain (yowl2ugopitfzzwb in DNS Lookup) (les)Ģ828746 - ETPRO TROJAN Sigma Ransomware Decryptor/Payment Domain (ypg7rfjvfywj7jhp in DNS Lookup) (les)Ģ828747 - ETPRO MOBILE_MALWARE Checkin (mobile_les)Ģ828748 - ETPRO TROJAN Win32/DarkKomet CnC Communicating with Infected Host (les)Ģ828749 - ETPRO TROJAN MSIL/ReadMe Ransomware CnC Checkin (les)Ģ003492 - ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (les)Ģ003658 - ET MALWARE qq.com related Spyware User-Agent (QQGame) (les)Ģ007860 - ET MALWARE User-Agent (Internet Explorer 6.0) - Possible Trojan Downloader (les)Ģ007866 - ET CHAT Gadu-Gadu Chat Client Checkin via HTTP (les)Ģ008295 - ET CHAT Gadu-Gadu IM Login Server Request (les)Ģ008538 - ET SCAN Sqlmap SQL Injection Scan (les)Ģ008570 - ET POLICY External Unencrypted Connection to BASE Console (les)Ģ009020 - ET POLICY Internal Host Retrieving External IP via - Possible Infection (les)Ģ009362 - ET WEB_SERVER /system32/ in Uri - Possible Protected Directory Access Attempt (web_les)Ģ009867 - ET TROJAN Suspicious User-Agent (Mozilla/3.0 (compatible)) (les)Ģ010066 - ET POLICY Data POST to an image file (gif) (les)Ģ010592 - ET WEB_SERVER Possible Microsoft Internet Information Services (IIS). plus in DNS Lookup) (les)Ģ025096 - ET POLICY. UBoatRAT, Powerstats, Sigma Ransomware Domains, .Ģ025093 - ET TROJAN UBoatRAT CnC Check-in (les)Ģ025094 - ET MALWARE Win32/ Checkin 5 (les)Ģ025095 - ET POLICY.