[***]            Summary:            [***]

9 new Open, 20 new Pro (9 + 11). MSIL/Agent.BIC Variant, PowerShell Commands via DNS TXT, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025359 - ET TROJAN MSIL/Agent.BIC Variant CnC Checkin (trojan.rules)
2025360 - ET CURRENT_EVENTS Possible Wells Fargo Phishing Landing - Title over non SSL (current_events.rules)
2025361 - ET CURRENT_EVENTS Sparkasse Phishing Landing 2018-02-15 (current_events.rules)
2025362 - ET CURRENT_EVENTS Dropbox Phishing Landing 2018-02-15 (current_events.rules)
2025363 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-02-15 (current_events.rules)
2025364 - ET CURRENT_EVENTS Google Docs Phishing Landing 2018-02-15 (current_events.rules)
2025365 - ET CURRENT_EVENTS Dropbox Phishing Landing 2018-02-15 (current_events.rules)
2025366 - ET CURRENT_EVENTS Chase Phishing Landing 2018-02-15 (current_events.rules)
2025367 - ET CURRENT_EVENTS Square Phishing Landing 2018-02-15 (current_events.rules)

Pro:

2829676 - ETPRO TROJAN Hworm/Houdini CnC Checkin (trojan.rules)
2829677 - ETPRO TROJAN Observed Malicious SSL Cert (Shino Bot CnC) (trojan.rules)
2829678 - ETPRO TROJAN MalDoc Retrieving PowerShell Commands via DNS TXT (trojan.rules)
2829679 - ETPRO CURRENT_EVENTS Observed Malicious Domain used in MalDoc (holiday-factory .000webhostapp .com in TLS SNI) (current_events.rules)
2829680 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2018-02-15 (current_events.rules)
2829681 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-02-15 (current_events.rules)
2829682 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-02-15 (current_events.rules)
2829683 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-15 1) (trojan.rules)
2829684 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-15 2) (trojan.rules)
2829685 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-15 3) (trojan.rules)
2829686 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-15 4) (trojan.rules)

[///]     Modified active rules:     [///]

2010715 - ET SCAN ZmEu exploit scanner (scan.rules)
2025281 - ET CURRENT_EVENTS Cloned Website Phishing Landing - Saved Website Comment Observed (current_events.rules)
2025292 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M1 (current_events.rules)
2828789 - ETPRO TROJAN Reaver C2 Checkin Command (trojan.rules)
2829671 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-02-14 (current_events.rules)

Date: Thursday, February 15, 2018 - 00:00