[***]            Summary:            [***]

3 new Open, 23 new Pro (3 + 20). Sdbmine Miner, CVE-2017-12635, Win32/Escad Variant, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025434 - ET TROJAN Observed Sofacy CnC Domain (ndpmedia24 .com in DNS Lookup) (trojan.rules)
2025435 - ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635) (exploit.rules)
2025436 - ET INFO Suspicious User-Agent (CustomStringHere) (info.rules)

Pro:

2830030 - ETPRO TROJAN Sdbmine Monero Miner XMR-Proxy DNS Lookup (trojan.rules)
2830031 - ETPRO TROJAN Win32/Escad Variant Checkin (trojan.rules)
2830032 - ETPRO USER_AGENTS Win32/Agent.xxxyeb Downloader (user_agents.rules)
2830033 - ETPRO TROJAN Win32/Agent.xxxyeb Connectivity Check (trojan.rules)
2830034 - ETPRO CURRENT_EVENTS MalDoc Retrieving Powershell 2018-03-19 (current_events.rules)
2830035 - ETPRO TROJAN Ursnif Payload Request 2018-03-19 M1 (trojan.rules)
2830036 - ETPRO TROJAN Ursnif Payload Request 2018-03-19 M2 (trojan.rules)
2830037 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2018-03-19 (current_events.rules)
2830038 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 2018-03-19 (current_events.rules)
2830039 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 2018-03-19 (current_events.rules)
2830040 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BHH Checkin (mobile_malware.rules)
2830041 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-03-19 (current_events.rules)
2830042 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 302 (mobile_malware.rules)
2830043 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-03-19 M1 (current_events.rules)
2830044 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-03-19 M2 (current_events.rules)
2830045 - ETPRO MOBILE_MALWARE Android/Inmobi.D Checkin 2 (mobile_malware.rules)
2830046 - ETPRO MOBILE_MALWARE Android/LockScreen.Jisut.AP Checkin (mobile_malware.rules)
2830047 - ETPRO INFO Observed Free Hosting Domain (*.beget .tech in DNS Lookup) (info.rules)
2830048 - ETPRO CURRENT_EVENTS Successful Apple ID Phish 2018-03-19 (current_events.rules)
2830049 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.V Checkin 4 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2825567 - ETPRO TROJAN Possible Panda Banker DGA Lets Encrypt SSL Cert (trojan.rules)
2830029 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.hy / HenBox CnC Beacon (mobile_malware.rules)

Date: 
Monday, March 19, 2018 - 00:00