[***] Summary: [***]
4 new Open, 23 new Pro (4 + 19). Threadkit, MSIL/PSK Stealer, Various Mobile, Various Phishing.
[+++] Added rules: [+++]
Open:
2025377 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-22 (current_events.rules)
2025378 - ET CURRENT_EVENTS Office 365 Phishing Landing 2018-02-22 (current_events.rules)
2025379 - ET CURRENT_EVENTS Upgrade Advantage Phishing Landing 2018-02-22 (current_events.rules)
2025380 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-22 (current_events.rules)
Pro:
2828412 - ETPRO TROJAN Threadkit Checkin M1 (trojan.rules)
2829765 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-02-22 (current_events.rules)
2829766 - ETPRO CURRENT_EVENTS Successful Digital Credit Union Phish 2018-02-22 (current_events.rules)
2829767 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2018-02-22 (current_events.rules)
2829768 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2018-02-22 (current_events.rules)
2829769 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-02-22 (current_events.rules)
2829770 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC) (trojan.rules)
2829771 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC) (trojan.rules)
2829772 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 289 (mobile_malware.rules)
2829773 - ETPRO TROJAN Threadkit Checkin M2 (trojan.rules)
2829774 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 290 (mobile_malware.rules)
2829775 - ETPRO TROJAN MSIL/PSK Stealer Sending Screenshot (trojan.rules)
2829776 - ETPRO TROJAN AridViper Domain Observed (katesacker .club in DNS Lookup) (trojan.rules)
2829777 - ETPRO TROJAN AridViper Domain Observed (katesacker .club in TLS SNI) (trojan.rules)
2829778 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-22 1) (trojan.rules)
2829779 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-22 2) (trojan.rules)
2829780 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-22 3) (trojan.rules)
2829781 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-22 4) (trojan.rules)
2829782 - ETPRO CURRENT_EVENTS Successful International Card Services Phish 2018-02-22 (current_events.rules)
[///] Modified active rules: [///]
2024420 - ET TROJAN MalDoc Retrieving Malicious Payload (Possibly Ursnif) (trojan.rules)
[---] Disabled and modified rules: [---]
2825658 - ETPRO TROJAN Unknown KeyLogger CnC Checkin (trojan.rules)
[---] Removed rules: [---]
2828412 - ETPRO CURRENT_EVENTS MalDoc Reporting Infection (current_events.rules)