[***]            Summary:            [***]

3 new Open, 21 new Pro (3 + 18). MSIL/SQLConn, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025449 - ET POLICY DNS Query to .onion proxy Domain (onion. pw) (policy.rules)
2025450 - ET CURRENT_EVENTS Comcast/Xfinity Phishing Landing 2018-03-30 (current_events.rules)
2025451 - ET POLICY Monero Mining Pool Lookup (policy.rules)

Pro:

2830194 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-03-29 (current_events.rules)
2830195 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2018-03-29 (current_events.rules)
2830196 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-03-29 (current_events.rules)
2830197 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2018-03-29 (current_events.rules)
2830198 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2018-03-29 (current_events.rules)
2830199 - ETPRO CURRENT_EVENTS Successful IRS Phish 2018-03-29 M1 (current_events.rules)
2830200 - ETPRO CURRENT_EVENTS Successful IRS Phish 2018-03-29 M2 (current_events.rules)
2830201 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-03-29 (current_events.rules)
2830202 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-29 1) (trojan.rules)
2830203 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-29 2) (trojan.rules)
2830204 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-29 3) (trojan.rules)
2830205 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-29 4) (trojan.rules)
2830206 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-03-30) (trojan.rules)
2830207 - ETPRO CURRENT_EVENTS Successful Generic Window.History.Back Phish 2018-03-30 (current_events.rules)
2830208 - ETPRO CURRENT_EVENTS Successful Xfinity Phish 2018-03-30 M1 (current_events.rules)
2830209 - ETPRO CURRENT_EVENTS Successful Xfinity Phish 2018-03-30 M2 (current_events.rules)
2830210 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2018-03-30 (current_events.rules)
2830211 - ETPRO TROJAN Observed MSIL/SQLConn CnC Domain (httprpc. 000webhostapp .com in TLS SNI) (trojan.rules)

[///]     Modified active rules:     [///]

2025446 - ET POLICY DNS Query to .onion proxy Domain (onion. sx) (policy.rules)
2830035 - ETPRO TROJAN Ursnif Payload Request 2018-03-19 M1 (trojan.rules)

[---]         Removed rules:         [---]

2825325 - ETPRO TROJAN Satan Ransomware Domain (onion . pw) (trojan.rules)

Date: Friday, March 30, 2018 - 00:00