[***]            Summary:            [***]

1 new Open, 13 new Pro (1 + 12). Aurora/OneKeyLocker, W32/NaverDown, Various Phish.

Thanks: @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2025586 - ET TROJAN Aurora/OneKeyLocker Ransomware CnC Checkin (trojan.rules)

Pro:

2831077 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-30) (current_events.rules)
2831078 - ETPRO TROJAN W32/NaverDown CnC Checkin (trojan.rules)
2831079 - ETPRO TROJAN AZORult Variant.3 Checkin M2 (trojan.rules)
2831080 - ETPRO CURRENT_EVENTS Successful Austrailian Government myGov Phish 2018-05-30 (current_events.rules)
2831081 - ETPRO CURRENT_EVENTS Successful Facebook Help Center Phish 2018-05-30 (current_events.rules)
2831082 - ETPRO CURRENT_EVENTS Successful CapitalOne Phish 2018-05-30 (current_events.rules)
2831083 - ETPRO CURRENT_EVENTS Successful Mastercard Securecode Phish 2018-05-30 (current_events.rules)
2831084 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2018-05-30 (current_events.rules)
2831085 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-05-30 (current_events.rules)
2831086 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-30 1) (trojan.rules)
2831087 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-30 2) (trojan.rules)
2831088 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-30 3) (trojan.rules)

[///]     Modified active rules:     [///]

2829890 - ETPRO TROJAN AZORult Variant.3 Checkin M1 (trojan.rules)
2831049 - ETPRO TROJAN PS/QuadAgent Communicating with CnC (trojan.rules)
2831061 - ETPRO TROJAN Observed APT 10 MenuPass CnC Domain (www .jadl-or .com in TLS SNI) (trojan.rules)

[---]         Disabled rules:        [---]

2014476 - ET TROJAN HTTP Request to Zaletelly CnC Domain zaletellyxx.be (trojan.rules)
2014477 - ET TROJAN HTTP Request to Zaletelly CnC Domain atserverxx.info (trojan.rules)
2014528 - ET TROJAN W32/Taidoor.Backdoor Command Request CnC Checkin (trojan.rules)
2014578 - ET TROJAN Win32.Winwebsec.B Checkin (trojan.rules)
2014632 - ET TROJAN FireEye.STX RAT Checkin (trojan.rules)
2014637 - ET TROJAN Maljava Dropper for Windows (trojan.rules)
2014638 - ET TROJAN Maljava Dropper for OS X (trojan.rules)
2014668 - ET TROJAN W32/SpyBanker Infection Confirmation Email (trojan.rules)
2014700 - ET TROJAN W32/Backdoor.BAT.Agent.W User Botnet (trojan.rules)
2014719 - ET TROJAN W32/Simbot.Backdoor Checkin (trojan.rules)
2014720 - ET TROJAN W32/Downloader/Agent.dxh.1 Reporting to CnC (trojan.rules)
2014721 - ET TROJAN Boatz Checkin (trojan.rules)
2014723 - ET TROJAN Suspicious lcon http header in response seen with Medfos/Midhos downloader (trojan.rules)
2014731 - ET TROJAN Snap Bot Checkin (trojan.rules)
2014732 - ET TROJAN Snap Bot Receiving Download Command (trojan.rules)
2014733 - ET TROJAN Snap Bot Receiving DDoS Command (trojan.rules)
2014755 - ET TROJAN W32/HupigonUser.Backdoor Rabclib UA Checkin (trojan.rules)
2014759 - ET TROJAN Trojan.BAT.Qhost Response from Controller (trojan.rules)
2014760 - ET TROJAN W32/Votwup.Backdoor Checkin (trojan.rules)
2014795 - ET TROJAN W32/Syndicasec.Backdoor Client POST CMD result (trojan.rules)
2014797 - ET TROJAN ZeuS Ransomware win_unlock (trojan.rules)
2014826 - ET TROJAN Virus.Win32.Sality.aa Checkin (trojan.rules)
2014841 - ET TROJAN Possible Feodo/Cridex Traffic Detected (trojan.rules)
2014849 - ET TROJAN Flamer WuSetupV module traffic 1 (trojan.rules)
2014850 - ET TROJAN Flamer WuSetupV module traffic 2 (trojan.rules)
2014864 - ET TROJAN W32.Gimemo/Aldibot CnC POST (trojan.rules)
2014933 - ET TROJAN Win32/Bicololo.Dropper ne_unik CnC Server Response (trojan.rules)
2014957 - ET TROJAN Backdoor Win32/Hupigon.CK Client Idle (trojan.rules)
2014961 - ET TROJAN W32/Scar CnC Checkin (trojan.rules)
2015002 - ET TROJAN Pushbot User-Agent (trojan.rules)
2015003 - ET TROJAN Pushbot server response (trojan.rules)
2015019 - ET TROJAN W32/Icoo CnC Checkin (trojan.rules)
2015022 - ET TROJAN W32/Zusy Gettime Checkin (trojan.rules)
2016963 - ET TROJAN Trojan.Win32/Mutopy.A Checkin (trojan.rules)
2804789 - ETPRO TROJAN Trojan-PSW.Win32.WebMoner.si Checkin (trojan.rules)
2804818 - ETPRO TROJAN Win32/TrojanDownloader.Banload.QWQ Checkin (trojan.rules)
2804876 - ETPRO TROJAN Win32/Coswid.A Checkin (trojan.rules)
2804884 - ETPRO TROJAN Win32/Bancos.DV Checkin (trojan.rules)
2804885 - ETPRO TROJAN Win32/TrojanDownloader.Banload.QYJ Checkin (trojan.rules)
2804940 - ETPRO TROJAN TrojanDownloader.Win32/Begger.A Checkin (trojan.rules)
2804944 - ETPRO TROJAN Win32/Simda.A CnC Traffic (trojan.rules)
2804950 - ETPRO TROJAN Backdoor.Win32.Simda.kv/Proxyier Checkin (trojan.rules)
2804998 - ETPRO TROJAN Trojan.Downloader.gen.h Checkin (trojan.rules)
2805000 - ETPRO TROJAN HackTool.Win32.VKTools.na Checkin 2 (trojan.rules)
2805002 - ETPRO TROJAN HackTool.Win32.VKTools.na Checkin 4 (trojan.rules)
2805090 - ETPRO TROJAN Win32/Sality.AT Checkin 3 (trojan.rules)
2805094 - ETPRO TROJAN W32/VB.POZ!tr.dldr exec SQL command (exec retorna dados) (trojan.rules)
2805096 - ETPRO TROJAN Downloader.Win32.Knigsfot.ev Download Request (trojan.rules)
2805108 - ETPRO TROJAN Trojan-Downloader.Win32.Apher.gen Checkin (trojan.rules)
2805131 - ETPRO TROJAN Win32/Banload.AMO Checkin (trojan.rules)

Date: Tuesday, May 29, 2018 - 22:00