This type of blind SQL injection relies on the database pausing for aspecified amount of time, then returning the results, indicatingsuccessful SQL query executing. Using this method, an attackerenumerates each letter of the desired piece of data using the followinglogic:
Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool
2001035 - ET P2P Morpheus Install (p2p.rules) 2001036 - ET P2P Morpheus Install ini Download (p2p.rules) 2001037 - ET P2P Morpheus Update Request (p2p.rules) 2002659 - ET CHAT Yahoo IM Client Install (chat.rules) 2003047 - ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi)(policy.rules) 2003060 - ET MALWARE 180solutions (Zango) Spyware Local Stats Post(malware.rules) 2004364 - ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt --detail.php id DELETE (web_specific_apps.rules) 2004386 - ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL InjectionAttempt -- goster.asp id UNION SELECT (web_specific_apps.rules) 2004529 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --subcat.php cate_id SELECT (web_specific_apps.rules) 2004530 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --subcat.php cate_id UNION SELECT (web_specific_apps.rules) 2004531 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --subcat.php cate_id INSERT (web_specific_apps.rules) 2004532 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --subcat.php cate_id DELETE (web_specific_apps.rules) 2004533 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --subcat.php cate_id ASCII (web_specific_apps.rules) 2004534 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --subcat.php cate_id UPDATE (web_specific_apps.rules) 2004535 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --view_profile.php user_id SELECT (web_specific_apps.rules) 2004536 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --view_profile.php user_id UNION SELECT (web_specific_apps.rules) 2004537 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --view_profile.php user_id INSERT (web_specific_apps.rules) 2004538 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --view_profile.php user_id DELETE (web_specific_apps.rules) 2004539 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --view_profile.php user_id ASCII (web_specific_apps.rules) 2004540 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --view_profile.php user_id UPDATE (web_specific_apps.rules) 2004541 - ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt --postingdetails.php postingid SELECT (web_specific_apps.rules) 2004546 - ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt --postingdetails.php postingid UPDATE (web_specific_apps.rules) 2006375 - ET P2P Bittorrent P2P Client HTTP Request (p2p.rules) 2006443 - ET WEB_SERVER Possible SQL Injection Attempt DELETE FROM(web_server.rules) 2006444 - ET WEB_SERVER Possible SQL Injection Attempt INSERT INTO(web_server.rules) 2006447 - ET WEB_SERVER Possible SQL Injection Attempt UPDATE SET(web_server.rules) 2007727 - ET P2P possible torrent download (p2p.rules) 2008070 - ET POLICY Windows 98 User-Agent Detected - Possible Malware orNon-Updated System (Win98) (policy.rules) 2008175 - ET WEB_SERVER Possible SQL Injection (varchar)(web_server.rules) 2008176 - ET WEB_SERVER Possible SQL Injection (exec) (web_server.rules) 2008184 - ET USER_AGENTS Suspicious User-Agent (Installer)(user_agents.rules) 2008362 - ET SCAN bsqlbf Brute Force SQL Injection (scan.rules) 2008467 - ET WEB_SERVER Possible SQL Injection Attempt Danmec related(declare) (web_server.rules) 2008571 - ET SCAN Acunetix Version 6 Crawl/Scan Detected (scan.rules) 2008617 - ET SCAN Wikto Scan (scan.rules) 2008627 - ET SCAN Httprecon Web Server Fingerprint Scan (scan.rules) 2008629 - ET SCAN Wikto Backend Data Miner Scan (scan.rules) 2008639 - ET TROJAN Tibs Trojan Downloader (trojan.rules) 2008822 - ET WEB_SPECIFIC_APPS Joomla Pro Desk Component include_fileLocal File Inclusion (web_specific_apps.rules) 2008831 - ET WEB_SPECIFIC_APPS DevelopItEasy Photo Gallery photo_idparameter SQL Injection (web_specific_apps.rules) 2009028 - ET TROJAN 404 Response with an EXE Attached - Likely MalwareDrop (trojan.rules) 2009152 - ET WEB_SERVER PHP Generic Remote File Include Attempt (HTTPS)(web_server.rules) 2009153 - ET WEB_SERVER PHP Generic Remote File Include Attempt (FTP)(web_server.rules) 2009155 - ET WEB_SERVER PHP Generic Remote File Include Attempt (FTPS)(web_server.rules) 2009158 - ET SCAN WebShag Web Application Scan Detected (scan.rules) 2009361 - ET WEB_SERVER cmd.exe In URI - Possible Command ExecutionAttempt (web_server.rules) 2009479 - ET SCAN Asp-Audit Web Scan Detected (scan.rules) 2009512 - ET USER_AGENTS Suspicious User-Agent (Session) - PossibleTrojan-Clicker (user_agents.rules) 2009715 - ET WEB_SERVER Onmouseover= in URI - Likely Cross Site ScriptingAttempt (web_server.rules) 2009815 - ET WEB_SERVER Attempt To Access MSSQL xp_cmdshell StoredProcedure Via URI (web_server.rules) 2009816 - ET WEB_SERVER Attempt To Access MSSQL xp_servicecontrol StoredProcedure Via URI (web_server.rules) 2009817 - ET WEB_SERVER Attempt To Access MSSQL sp_adduser StoredProcedure Via URI to Create New Database User (web_server.rules) 2009818 - ET WEB_SERVER Attempt To Access MSSQLxp_regread/xp_regwrite/xp_regdeletevalue/xp_regdeletekey Stored ProcedureVia URI to Modify Registry (web_server.rules) 2009819 - ET WEB_SERVER Attempt To Access MSSQL xp_fileexist StoredProcedure Via URI to Locate Files On Disk (web_server.rules) 2009820 - ET WEB_SERVER Attempt To Access MSSQL xp_enumerrorlogs StoredProcedure Via URI to View Error Logs (web_server.rules) 2009822 - ET WEB_SERVER Attempt To Access MSSQL xp_readerrorlogs StoredProcedure Via URI to View Error Logs (web_server.rules) 2009823 - ET WEB_SERVER Attempt To Access MSSQLxp_enumdsn/xp_enumgroups/xp_ntsec_enumdomains Stored Procedure Via URI(web_server.rules) 2009949 - ET WEB_SERVER Tilde in URI - potential .pl source disclosurevulnerability (web_server.rules) 2009950 - ET WEB_SERVER Tilde in URI - potential .inc source disclosurevulnerability (web_server.rules) 2009951 - ET WEB_SERVER Tilde in URI - potential .conf source disclosurevulnerability (web_server.rules) 2009952 - ET WEB_SERVER Tilde in URI - potential .asp source disclosurevulnerability (web_server.rules) 2009953 - ET WEB_SERVER Tilde in URI - potential .aspx source disclosurevulnerability (web_server.rules) 2009955 - ET WEB_SERVER Tilde in URI - potential .php source disclosurevulnerability (web_server.rules) 2009978 - ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQLInjection Vulnerability (web_specific_apps.rules) 2009980 - ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQLInjection Vulnerability (web_specific_apps.rules) 2010077 - ET WEB_SPECIFIC_APPS Possible Docebo INSERT INTO InjectionAttempt (web_specific_apps.rules) 2010078 - ET WEB_SPECIFIC_APPS Possible Docebo UPDATE SET SQL InjectionAttempt (web_specific_apps.rules) 2010080 - ET WEB_SPECIFIC_APPS Possible AIOCP cp_html2xhtmlbasic.phpRemote File Inclusion Attempt (web_specific_apps.rules) 2010084 - ET WEB_SERVER Possible ALTER SQL Injection Attempt(web_server.rules) 2010085 - ET WEB_SERVER Possible DROP SQL Injection Attempt(web_server.rules) 2010086 - ET WEB_SERVER Possible CREATE SQL Injection Attempt in URI(web_server.rules) 2010159 - ET WEB_SERVER Possible 3Com OfficeConnect Router Default UserAccount Remote Command Execution Attempt (web_server.rules) 2010284 - ET WEB_SERVER SELECT INSTR in URI Possible ORACLE Related BlindSQL Injection Attempt (web_server.rules) 2010285 - ET WEB_SERVER SELECT SUBSTR/ING in URI Possible Blind SQLInjection Attempt (web_server.rules) 2010460 - ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.aspCross-Site Scripting Attempt (web_server.rules) 2010462 - ET WEB_SERVER Possible Barracuda IM Firewall smtp_test.cgiCross-Site Scripting Attempt (web_server.rules) 2010520 - ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source)(web_client.rules) 2010593 - ET WEB_SERVER Possible Microsoft Internet Information Services(IIS) .aspx Filename Extension Parsing File Upload Security Bypass Attempt(aspx) (web_server.rules) 2010820 - ET WEB_SERVER Tilde in URI - potential .cgi source disclosurevulnerability (web_server.rules) 2010919 - ET WEB_SERVER HP LaserJet Printer Cross Site Scripting Attempt(web_server.rules) 2010953 - ET SCAN Skipfish Web Application Scan Detected (scan.rules) 2010965 - ET WEB_SERVER SHOW VARIABLES SQL Injection Attempt in URI(web_server.rules) 2010966 - ET WEB_SERVER SHOW CURDATE/CURTIME SQL Injection Attempt in URI(web_server.rules) 2010967 - ET WEB_SERVER SHOW TABLES SQL Injection Attempt in URI(web_server.rules) 2011028 - ET SCAN HZZP Scan in Progress calc in Headers (scan.rules) 2011029 - ET SCAN Netsparker Default User-Agent (scan.rules) 2011030 - ET SCAN Netsparker Scan in Progress (scan.rules) 2011039 - ET WEB_SERVER Possible INSERT VALUES SQL Injection Attempt(web_server.rules) 2011041 - ET WEB_SERVER MYSQL Benchmark Command in URI to Consume ServerResources (web_server.rules) 2011042 - ET WEB_SERVER MYSQL SELECT CONCAT SQL Injection Attempt(web_server.rules) 2011073 - ET WEB_SERVER Microsoft SharePoint Server 2007_layouts/help.aspx Cross Site Scripting Attempt (web_server.rules) 2011122 - ET WEB_SERVER Possible SQL injection obfuscated via REVERSEfunction (web_server.rules) 2011142 - ET WEB_SERVER PHP Easteregg Information-Disclosure (php-logo)(web_server.rules) 2011143 - ET WEB_SERVER PHP Easteregg Information-Disclosure (zend-logo)(web_server.rules) 2011144 - ET WEB_SERVER PHP Easteregg Information-Disclosure (funny-logo)(web_server.rules) 2011145 - ET WEB_SERVER 3Com Intelligent Management Center Cross SiteScripting Attempt (web_server.rules) 2011161 - ET WEB_SPECIFIC_APPS HotNews hnmain.inc.php3 incdir ParameterRemote File Inclusion Attempt (web_specific_apps.rules) 2011290 - ET WEB_SERVER Gootkit Website Infection Request for FTPCredentials from Control Server (web_server.rules) 2011338 - ET TROJAN Sality Variant Downloader Activity (3) (trojan.rules) 2011360 - ET WEB_SERVER ColdFusion Path Traversal (locale 3/5)(web_server.rules) 2011456 - ET WEB_CLIENT PROPFIND Flowbit Set (web_client.rules) 2011694 - ET POLICY Windows 3.1 User-Agent Detected - Possible Malware orNon-Updated System (policy.rules) 2011705 - ET P2P Bittorrent P2P Client User-Agent (rTorrent) (p2p.rules) 2011712 - ET P2P Bittorrent P2P Client User-Agent (FDM 3.x) (p2p.rules) 2011763 - ET WEB_SERVER Possible Cisco PIX/ASA HTTP Web Interface HTTPResponse Splitting Attempt (web_server.rules) 2011806 - ET WEB_SERVER ScriptResource.axd access without t (time)parameter - possible ASP padding-oracle exploit (web_server.rules) 2012160 - ET WEB_SPECIFIC_APPS Informacion Generalinformacion_general.php DELETE FROM SQL Injection Attempt(web_specific_apps.rules) 2012171 - ET INFO DYNAMIC_DNS Query to 3322.org Domain (info.rules) 2012219 - ET WEB_SPECIFIC_APPS BetMore Site Suite mainx_a.php bidParameter Blind SQL Injection Attempt (web_specific_apps.rules) 2012247 - ET P2P BTWebClient UA uTorrent in use (p2p.rules) 2012325 - ET WEB_CLIENT Obfuscated Javascript // ptth (web_client.rules) 2012359 - ET WEB_SPECIFIC_APPS T-Content Management System id_novedadParameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules) 2012360 - ET WEB_SPECIFIC_APPS T-Content Management System id_novedadParameter DELETE FROM SQL Injection Attempt (web_specific_apps.rules) 2012361 - ET WEB_SPECIFIC_APPS T-Content Management System id_novedadParameter UNION SELECT SQL Injection Attempt (web_specific_apps.rules) 2012362 - ET WEB_SPECIFIC_APPS T-Content Management System id_novedadParameter INSERT INTO SQL Injection Attempt (web_specific_apps.rules) 2012363 - ET WEB_SPECIFIC_APPS T-Content Management System id_novedadParameter UPDATE SET SQL Injection Attempt (web_specific_apps.rules) 2012364 - ET WEB_SPECIFIC_APPS Bexfront sid Parameter SELECT FROM SQLInjection Attempt (web_specific_apps.rules) 2012365 - ET WEB_SPECIFIC_APPS Bexfront sid Parameter DELETE FROM SQLInjection Attempt (web_specific_apps.rules) 2012366 - ET WEB_SPECIFIC_APPS Bexfront sid Parameter UNION SELECT SQLInjection Attempt (web_specific_apps.rules) 2012367 - ET WEB_SPECIFIC_APPS Bexfront sid Parameter INSERT INTO SQLInjection Attempt (web_specific_apps.rules) 2012368 - ET WEB_SPECIFIC_APPS Bexfront sid Parameter UPDATE SET SQLInjection Attempt (web_specific_apps.rules) 2012369 - ET WEB_SPECIFIC_APPS Joomla swMenuPro ImageManager.php RemoteFile Inclusion Attempt (web_specific_apps.rules) 2012370 - ET WEB_SPECIFIC_APPS Boonex Dolphin explain Parameter CrossSite Scripting Attempt (web_specific_apps.rules) 2012371 - ET WEB_SPECIFIC_APPS Boonex Dolphin relocate Parameter CrossSite Scripting Attempt (web_specific_apps.rules) 2012372 - ET WEB_SPECIFIC_APPS ColdUserGroup LibraryID Parameter BlindSQL Injection Attempt (web_specific_apps.rules) 2012373 - ET WEB_SPECIFIC_APPS Horde type Parameter Local File InclusionAttempt (web_specific_apps.rules) 2012374 - ET WEB_SPECIFIC_APPS Woltlab Burning Board katid ParameterSELECT FROM SQL Injection Attempt (web_specific_apps.rules) 2012375 - ET WEB_SPECIFIC_APPS Woltlab Burning Board katid ParameterDELETE FROM SQL Injection Attempt (web_specific_apps.rules) 2012376 - ET WEB_SPECIFIC_APPS Woltlab Burning Board katid ParameterUNION SELECT SQL Injection Attempt (web_specific_apps.rules) 2012377 - ET WEB_SPECIFIC_APPS Woltlab Burning Board katid ParameterINSERT INTO SQL Injection Attempt (web_specific_apps.rules) 2012378 - ET WEB_SPECIFIC_APPS Woltlab Burning Board katid ParameterUPDATE SET SQL Injection Attempt (web_specific_apps.rules) 2012379 - ET WEB_SPECIFIC_APPS TelebidAuctionScript aid Parameter BlindSQL Injection Attempt (web_specific_apps.rules) 2012380 - ET WEB_SPECIFIC_APPS Podcast Generator themes.php Cross SiteScripting Attempt (web_specific_apps.rules) 2012381 - ET WEB_SPECIFIC_APPS ITechBids productid Parameter Blind SQLInjection Attempt (web_specific_apps.rules) 2012390 - ET P2P Libtorrent User-Agent (p2p.rules) 2012393 - ET WEB_SPECIFIC_APPS Awstats Apache Tomcat Configuration FileRemote Arbitrary Command Execution Attempt (web_specific_apps.rules) 2012394 - ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf CrossSite Scripting Attempt (web_specific_apps.rules) 2012395 - ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf CrossSite Scripting Attempt (web_specific_apps.rules) 2012406 - ET WEB_SPECIFIC_APPS Potential Cewolf DOS attempt(web_specific_apps.rules) 2012411 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress updateAJAX.phppost_id Parameter Cross Site Scripting Attempt (web_specific_apps.rules) 2012412 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL InjectionAttempt updateAJAX.php post_id SELECT (web_specific_apps.rules) 2012413 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL InjectionAttempt updateAJAX.php post_id UNION SELECT (web_specific_apps.rules) 2012414 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL InjectionAttempt updateAJAX.php post_id INSERT (web_specific_apps.rules) 2012415 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL InjectionAttempt updateAJAX.php post_id DELETE (web_specific_apps.rules) 2012416 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL InjectionAttempt updateAJAX.php post_id ASCII (web_specific_apps.rules) 2012417 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL InjectionAttempt updateAJAX.php post_id UPDATE (web_specific_apps.rules) 2012418 - ET WEB_SPECIFIC_APPS PhreeBooks js_include.php form ParameterCross Site Scripting Attempt 1 (web_specific_apps.rules) 2012419 - ET WEB_SPECIFIC_APPS PhreeBooks js_include.php form ParameterCross Site Scripting Attempt 2 (web_specific_apps.rules) 2012707 - ET TROJAN Suspicious double Server Header (trojan.rules) 2012730 - ET TROJAN Known Hostile Domain ilo.brenz .pl Lookup(trojan.rules) 2012760 - ET WEB_SPECIFIC_APPS Cisco Unified Communications Managerxmldirectorylist.jsp SQL Injection Attempt (web_specific_apps.rules) 2013224 - ET POLICY Suspicious User-Agent Containing .exe (policy.rules) 2013339 - ET TROJAN Win32.FakeAV.Rean Checkin (trojan.rules) 2013435 - ET TROJAN Win32.Shiz.fxm/Agent-TBT Checkin (trojan.rules) 2013438 - ET INFO HTTP Request to a *.uni.cc domain (info.rules) 2013684 - ET INFO HTTP Request to a *.dtdns.net domain (info.rules) 2014169 - ET DNS Query for .su TLD (Soviet Union) Often Malware Related(dns.rules) 2014232 - ET TROJAN UPDATE Protocol Trojan Communication detected on httpports 2 (trojan.rules) 2014492 - ET INFO DYNAMIC_DNS Query to a *.dtdns.net Domain (info.rules) 2014493 - ET INFO DYNAMIC_DNS HTTP Request to a *.dtdns.net Domain(info.rules) 2014500 - ET INFO DYNAMIC_DNS Query to a *.flnet.org Domain (info.rules) 2014788 - ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.3322.net(info.rules) 2014846 - ET CURRENT_EVENTS Wordpress timthumb look-alike domain list RFI(current_events.rules) 2015800 - ET TROJAN Dorkbot GeoIP Lookup to wipmania (trojan.rules) 2016141 - ET INFO Executable Download from dotted-quad Host (info.rules) 2016275 - ET TROJAN Win32/Xtrat.A Checkin (trojan.rules) 2016777 - ET INFO HTTP Request to a *.pw domain (info.rules) 2016947 - ET TROJAN Win32.Bicololo Response 1 (trojan.rules) 2017515 - ET INFO User-Agent (python-requests) Inbound to Webserver(info.rules) 2017598 - ET TROJAN Possible Kelihos.F EXE Download Common Structure(trojan.rules) 2017603 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit32-32 byte hex java payload request Oct 16 2013 (current_events.rules) 2018008 - ET TROJAN DNS Query Possible Zbot Infection Query fornetworksecurityx.hopto.org (trojan.rules) 2018044 - ET CURRENT_EVENTS Possible Successful Verified by Visa PhishJan 30 2014 (current_events.rules) 2018141 - ET TROJAN Possible Compromised Host AnubisNetworks SinkholeCookie Value Snkz (trojan.rules) 2018191 - ET CURRENT_EVENTS SUSPICIOUS .exe Downloaded from SVN/HTTP onGoogleCode (current_events.rules) 2018242 - ET TROJAN Possible Zeus GameOver Connectivity Check(trojan.rules) 2018430 - ET WEB_CLIENT SUSPICIOUS Possible automated connectivity check (www.google.com) (web_client.rules) 2018975 - ET WEB_SPECIFIC_APPS Wordpress Custom Contact Forms DBUpload/Download Auth Bypass (web_specific_apps.rules) 2020418 - ET TROJAN Tinba Checkin 2 (trojan.rules) 2020857 - ET EXPLOIT Belkin Wireless G Router DNS Change POST Request(exploit.rules) 2021337 - ET TROJAN Win32/Vflooder.C Connectivity Check (trojan.rules) 2021378 - ET POLICY External IP Lookup - checkip.dyndns.org (policy.rules) 2022860 - ET WEB_SERVER Aribitrary File Upload Vulnerability in WP MobileDetector (web_server.rules) 2022913 - ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel(info.rules) 2023137 - ET CURRENT_EVENTS Possible Successful Phish to .tk domain Aug26 2016 (current_events.rules) 2023767 - ET TROJAN Sage Ransomware Checkin (trojan.rules) 2023768 - ET CURRENT_EVENTS Possible Broken/Filtered RIG EK PayloadDownload (current_events.rules) 2024176 - ET TROJAN Felismus CnC Beacon 1 (trojan.rules) 2024370 - ET CURRENT_EVENTS Successful Poste Italiane Phish Jun 08 2017(current_events.rules) 2024414 - ET CURRENT_EVENTS RIG EK Broken/Filtered Payload Download Jun19 2017 (current_events.rules) 2024419 - ET TROJAN FF-RAT Stage 1 CnC Checkin (trojan.rules) 2024461 - ET TROJAN LockPOS CnC (trojan.rules) 2024830 - ET POLICY Observed IP Lookup Domain (formyip .com in DNSLookup) (policy.rules) 2024888 - ET TROJAN OSX/Proton.C/D Domain (eltima .in in DNS Lookup)(trojan.rules) 2024890 - ET TROJAN OSX/Proton.C/D Domain (handbrakestore .com in DNSLookup) (trojan.rules) 2024892 - ET TROJAN OSX/Proton.C/D Domain (handbrake .cc in DNS Lookup)(trojan.rules) 2024899 - ET TROJAN Possible Dragonfly APT Activity HTTP URI OPTIONS(trojan.rules) 2024928 - ET TROJAN Possible IoT_reaper ELF Binary Request M5 (set)(trojan.rules) 2024933 - ET TROJAN IoT_reaper DNS Lookup M4 (trojan.rules) 2024934 - ET TROJAN IoT_reaper DNS Lookup M5 (trojan.rules) 2024935 - ET TROJAN IoT_reaper DNS Lookup M6 (trojan.rules) 2024936 - ET TROJAN IoT_reaper DNS Lookup M7 (trojan.rules) 2024942 - ET CURRENT_EVENTS 401TRG Successful Multi-Email Phish -Observed in Docusign/Dropbox/Onedrive/Gdrive Nov 02 2017(current_events.rules) 2024956 - ET TROJAN RouteX CnC Domain (cba4a6e5d3c956548a337c52388473f1.com in DNS Lookup) (trojan.rules) 2024957 - ET TROJAN RouteX CnC Domain (0a0074066c49886a39b5a3072582f5d6.net in DNS Lookup) (trojan.rules) 2024958 - ET TROJAN RouteX CnC Domain (73780fbd309561e201a4aee9914d882d.org in DNS Lookup) (trojan.rules) 2024959 - ET TROJAN RouteX CnC Domain (dcb5684707f6c66492aaa9f7d9bfb5a6.biz in DNS Lookup) (trojan.rules) 2024960 - ET TROJAN RouteX CnC Domain (322ffbbc7c1b312c2f9d942f20422f8d.com in DNS Lookup) (trojan.rules) 2024961 - ET TROJAN RouteX CnC Domain (18bca7c5fd709ac468ba148c590ef6bf.net in DNS Lookup) (trojan.rules) 2024962 - ET TROJAN RouteX CnC Domain (aaafc94b3a37b75ae9cb60afc42e86fe.org in DNS Lookup) (trojan.rules) 2024963 - ET TROJAN RouteX CnC Domain (c13a856f4a879a89e9a638207efd6c94.biz in DNS Lookup) (trojan.rules) 2024964 - ET TROJAN RouteX CnC Domain (2fa3c2fa16c47d9b9bff8986a42b048f.com in DNS Lookup) (trojan.rules) 2024965 - ET TROJAN RouteX CnC Domain (3ec9b600789b3bacf2c72ebae142a9c3.net in DNS Lookup) (trojan.rules) 2024986 - ET TROJAN SunOrcal Reaver Domain Observed (tashdqdxp .com inDNS Lookup) (trojan.rules) 2024987 - ET TROJAN SunOrcal Reaver Domain Observed (weryhstui .com inDNS Lookup) (trojan.rules) 2024988 - ET TROJAN SunOrcal Reaver Domain Observed (fyoutside .com inDNS Lookup) (trojan.rules) 2024989 - ET TROJAN SunOrcal Reaver Domain Observed (olinaodi .com in DNSLookup) (trojan.rules) 2025014 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 1(mobile_malware.rules) 2025015 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 2(mobile_malware.rules) 2025016 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 3(mobile_malware.rules) 2025017 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 4(mobile_malware.rules) 2027738 - ET TROJAN Possible Outbound WebShell GIF (trojan.rules) 2027739 - ET TROJAN Possible Outbound WebShell JPEG (trojan.rules) 2029664 - ET CURRENT_EVENTS Successful Generic 000webhostapp.com Phish2017-10-27 (current_events.rules) 2800109 - ETPRO WEB_CLIENT Microsoft Excel Workspace xlw download(web_client.rules) 2800642 - ETPRO WEB_CLIENT Apple QuickTime MOV File String HandlingInteger Overflow (web_client.rules) 2801408 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL InjectionSELECT FROM SQL Injection Attempt (web_specific_apps.rules) 2801409 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL InjectionDELETE FROM SQL Injection Attempt (web_specific_apps.rules) 2801410 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL InjectionUNION SELECT SQL Injection Attempt (web_specific_apps.rules) 2801411 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL InjectionINSERT INTO SQL Injection Attempt (web_specific_apps.rules) 2801412 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL InjectionUPDATE SET SQL Injection Attempt (web_specific_apps.rules) 2801431 - ETPRO WEB_SPECIFIC_APPS Quicktech id Parameter SELECT FROM SQLInjection Attempt (web_specific_apps.rules) 2801432 - ETPRO WEB_SPECIFIC_APPS Quicktech id Parameter DELETE FROM SQLInjection Attempt (web_specific_apps.rules) 2801433 - ETPRO WEB_SPECIFIC_APPS Quicktech id Parameter UNION SELECT SQLInjection Attempt (web_specific_apps.rules) 2801434 - ETPRO WEB_SPECIFIC_APPS Quicktech id Parameter INSERT INTO SQLInjection Attempt (web_specific_apps.rules) 2801435 - ETPRO WEB_SPECIFIC_APPS Quicktech id Parameter UPDATE SET SQLInjection Attempt (web_specific_apps.rules) 2804619 - ETPRO POLICY Request to Externally Hosted proxy config file.pac (policy.rules) 2804986 - ETPRO DOS TROJAN Armageddon apacheflood Attempt (dos.rules) 2805156 - ETPRO POLICY Online Brokerage plus500.com Toolbar User-Agent(Downloader500) (policy.rules) 2805230 - ETPRO TROJAN Win32/Esfury.T Connectivity Check (sstatic1.histats.com) (trojan.rules) 2805592 - ETPRO TROJAN Win32/Spy.Shiz.NCF Checkin (trojan.rules) 2806131 - ETPRO TROJAN Win32.Worm.Socks.O Checkin (trojan.rules) 2806266 - ETPRO TROJAN Win32/Ramnit.I!remnants DGA (nslook) (trojan.rules) 2806767 - ETPRO TROJAN Win32/Mosucker.0_7 (trojan.rules) 2807492 - ETPRO MALWARE Adware.NetBoad User-Agent (Netboan)(malware.rules) 2807908 - ETPRO TROJAN Backdoor.Win32/Bdaejec.A Checkin (trojan.rules) 2808190 - ETPRO TROJAN Virus Total vtapi DOS (trojan.rules) 2808354 - ETPRO POLICY geo IP lookup service ip138.com (policy.rules) 2808413 - ETPRO POLICY telize.com IP lookup (policy.rules) 2808881 - ETPRO TROJAN Flooder.LYI Checkin (trojan.rules) 2809823 - ETPRO EXPLOIT SOAP Netgear WNDR Auth Bypass/Info Disclosure(exploit.rules) 2810142 - ETPRO TROJAN Win32/Vobfus.EK C&C DNS request (trojan.rules) 2810143 - ETPRO TROJAN Win32/Vobfus.EK C&C DNS request (trojan.rules) 2810145 - ETPRO TROJAN Win32/Vobfus.EK C&C DNS request (trojan.rules) 2810513 - ETPRO TROJAN Trojan-Ransom.Win32.Crypren.vhs Retrieving PE(trojan.rules) 2810853 - ETPRO TROJAN Win32/TrojanDownloader.Banload.VOG Payload CnCBeacon (trojan.rules) 2812733 - ETPRO MALWARE Adware.MSIL.Linkury.M Checkin (malware.rules) 2815973 - ETPRO TROJAN Win32/Qhost.Banker.PR Checkin 1 (trojan.rules) 2816434 - ETPRO TROJAN ZeroHTTP Bot CnC Checkin (trojan.rules) 2816540 - ETPRO TROJAN PadCrypt CnC Checkin 3 Response (trojan.rules) 2816657 - ETPRO TROJAN Win32/TrojanDownloader.VB.QSL Variant Checkin(trojan.rules) 2819971 - ETPRO EXPLOIT Dlink dvg_n5402sp Path Traversal Attempt(exploit.rules) 2819973 - ETPRO EXPLOIT Dlink dir_300_600 Remote Code Execution Attempt(exploit.rules) 2820536 - ETPRO TROJAN Tordal/Hancitor/Chanitor Module Download Links(trojan.rules) 2820762 - ETPRO CURRENT_EVENTS Possible Amazon Phishing Domain Jun 202016 (current_events.rules) 2820801 - ETPRO CURRENT_EVENTS Possible barclays .co. uk Phishing DomainJun 22 2016 (current_events.rules) 2820830 - ETPRO TROJAN W32/Banload Variant Connectivity Check(trojan.rules) 2820996 - ETPRO TROJAN APT 28 EK Landing Page (trojan.rules) 2821562 - ETPRO TROJAN Win32/CryptFile2 Ransomware Fake Image Response(trojan.rules) 2821987 - ETPRO TROJAN MSIL/Unknown HTTP Bot CnC Checkin (trojan.rules) 2822120 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sept 14 2016(current_events.rules) 2822396 - ETPRO TROJAN MSIL/UBN CP CnC Checkin (trojan.rules) 2822902 - ETPRO CURRENT_EVENTS Successful Personalized Adobe PDF OnlinePhish Oct 26 2016 (current_events.rules) 2822986 - ETPRO CURRENT_EVENTS Successful Santander Bank Phish Oct 282016 (current_events.rules) 2823487 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Nov 27 2016(current_events.rules) 2823572 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Dec 022016 (current_events.rules) 2823664 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M1 Dec 07 2016(current_events.rules) 2823903 - ETPRO CURRENT_EVENTS Successful BB&T Bank Phish Dec 15 2016(current_events.rules) 2824158 - ETPRO CURRENT_EVENTS Successful American Express Phish M1 Dec30 2016 (current_events.rules) 2824159 - ETPRO CURRENT_EVENTS Successful American Express Phish M2 Dec30 2016 (current_events.rules) 2824220 - ETPRO CURRENT_EVENTS Possible SunDown EK Landing URI Struct Jan05 2017 (current_events.rules) 2824697 - ETPRO TROJAN Win32/Nagram/Rakhni IP Check (trojan.rules) 2825091 - ETPRO TROJAN W32/KR.HWP.Maldoc.Payload Downloading PE(trojan.rules) 2825092 - ETPRO TROJAN W32/KR.HWP.Maldoc.Payload Checkin (trojan.rules) 2826023 - ETPRO TROJAN MSIL/XnxxAgent Spam Bot Checkin M1 (trojan.rules) 2827076 - ETPRO CURRENT_EVENTS Successful Capitec Internet Banking PhishJul 11 2017 (current_events.rules) 2827133 - ETPRO POLICY External IP Lookup Domain (iplogger .com in DNSlookup) (policy.rules) 2827247 - ETPRO TROJAN Imminent Monitor Style IP Check freegeoip.net(trojan.rules) 2827399 - ETPRO TROJAN MSIL/Murlox Stealer CnC Checkin (trojan.rules) 2827620 - ETPRO TROJAN SyncCypt EXE Download as .jpg (trojan.rules) 2827980 - ETPRO TROJAN Unknown CnC Activity (trojan.rules) 2828081 - ETPRO CURRENT_EVENTS Successful Personalized Phish Sep 28 2017(current_events.rules) 2828147 - ETPRO CURRENT_EVENTS Successful Bank Password/Credit CardNumber Phish Oct 04 2017 (set) (current_events.rules) 2828166 - ETPRO TROJAN Evil TeamViewer Controller CnC Activity 2(trojan.rules) 2828204 - ETPRO CURRENT_EVENTS Successful DHL Phish Oct 10 2017(current_events.rules) 2828213 - ETPRO TROJAN Sage Domain (er29sl .com in DNS Lookup)(trojan.rules) 2828216 - ETPRO TROJAN Cerber Domain Observed (1mudaw .top in DNS Lookup)(trojan.rules) 2828221 - ETPRO TROJAN Cerber Domain Observed (1ml94w .top in DNS Lookup)(trojan.rules) 2828223 - ETPRO TROJAN Cerber Domain Observed (12efwa .top in DNS Lookup)(trojan.rules) 2828233 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed (a.pomf .cat in DNS Lookup) (info.rules) 2828268 - ETPRO TROJAN Malicious Domain CStrike C2 (blockbitcoin .com inDNS Lookup) (trojan.rules) 2828319 - ETPRO TROJAN Win32/Anubi Ransomware CnC Activity (trojan.rules) 2828326 - ETPRO USER_AGENTS myappname User-Agent (user_agents.rules) 2828333 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Oct 17 2017(current_events.rules) 2828375 - ETPRO TROJAN Cerber Domain Observed (dmhl2o .bid in DNS Lookup)(trojan.rules) 2828383 - ETPRO TROJAN Zeus Panda Domain (5c9cf1996510 .faith in DNSLookup) (trojan.rules) 2828400 - ETPRO MOBILE_MALWARE Android WannaLocker-A DNS Lookup(mobile_malware.rules) 2828429 - ETPRO TROJAN Malicious Domain Panda Banker (tontrumuchtors .comin DNS Lookup) (trojan.rules) 2828445 - ETPRO POLICY External IP Address Lookup (howtofindmyipaddress.com) (policy.rules) 2828447 - ETPRO TROJAN Cerber Domain Observed (hajw7w .bid in DNS Lookup)(trojan.rules) 2828451 - ETPRO TROJAN Cerber Domain Observed (tx0igu .bid in DNS Lookup)(trojan.rules) 2828464 - ETPRO TROJAN W32.MDFSMiner Domain (strak .xyz in DNS Lookup)(trojan.rules) 2828482 - ETPRO TROJAN Win32/LockeR Ransomware CnC Activity (trojan.rules) 2828522 - ETPRO TROJAN Ovidiy/Reborn Stealer CnC Domain (rebornstealer.ru in DNS Query) (trojan.rules) 2828523 - ETPRO TROJAN Ovidiy/Reborn Stealer CnC Domain (rebornstealer.info in DNS Query) (trojan.rules) 2828524 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNSLookup 1 (mobile_malware.rules) 2828525 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNSLookup 2 (mobile_malware.rules) 2828526 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNSLookup 3 (mobile_malware.rules) 2828527 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNSLookup 4 (mobile_malware.rules) 2828528 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNSLookup 5 (mobile_malware.rules) 2828529 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNSLookup 6 (mobile_malware.rules) 2828530 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNSLookup 7 (mobile_malware.rules) 2828531 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNSLookup 8 (mobile_malware.rules) 2828535 - ETPRO TROJAN MSIL/Hidden-Tear Variant Ransomware CnC Checkin(trojan.rules) 2828543 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules) 2828553 - ETPRO TROJAN Trojan.Win32.DiscordiaMiner Checkin (trojan.rules) 2828564 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules) 2828568 - ETPRO TROJAN ZeusPanda CnC Domain (henfobuthis .com in DNSLookup) (trojan.rules) 2828570 - ETPRO TROJAN ZeusPanda CnC Domain (rowrorofrat .com in DNSLookup) (trojan.rules) 2828572 - ETPRO TROJAN ZeusPanda CnC Domain (mysitothar .ru in DNSLookup) (trojan.rules) 2828576 - ETPRO TROJAN ZeusPanda CnC Domain (linghogolac .ru in DNSLookup) (trojan.rules) 2828609 - ETPRO TROJAN Cerber Domain Observed (12kb9j .top in DNS Lookup)(trojan.rules) 2828611 - ETPRO TROJAN Cerber Domain Observed (12u5fl .top in DNS Lookup)(trojan.rules) 2828615 - ETPRO TROJAN Cerber Domain Observed (bestergo .pw in DNSLookup) (trojan.rules) 2828622 - ETPRO TROJAN Win32.Nomepasta Banload Variant Checkin(trojan.rules) 2828638 - ETPRO TROJAN LokiBot Dropper UA (noobBoy) (trojan.rules) 2828645 - ETPRO TROJAN Zebrocy CnC Checkin (trojan.rules) 2828648 - ETPRO TROJAN MSIL/Agent.SFR CnC Activity (trojan.rules) 2828661 - ETPRO TROJAN Gootkit Domain (sslsecure256 .com in DNS Lookup)(trojan.rules) 2828670 - ETPRO INFO Dynamic DNS Domain (*.punkdns .top in DNS Lookup)(info.rules) 2828700 - ETPRO TROJAN W32/LTTMoney Checkin (trojan.rules) 2828701 - ETPRO TROJAN Observed Malicious IP Check (W32/LTTMoney)(trojan.rules) 2838412 - ETPRO TROJAN Win32/Get2 Downloader CnC Checkin (trojan.rules) 2838606 - ETPRO TROJAN Win32/jssLoader CnC Activity (trojan.rules) 2838607 - ETPRO TROJAN Win32/jssLoader CnC Checkin (trojan.rules) 2844316 - ETPRO CURRENT_EVENTS Successful Generic Credit Card InformationPhish 2020-09-08 (current_events.rules) 2ff7e9595c
Comments