[***]            Summary:            [***]

14 new Pro. CVE-2018-5002, Meterpreter over TCP DNS, Various Phish.

[+++]          Added rules:          [+++]

2828823 - ETPRO INFO Suspicious Terse SSL Cert (Observed used by Powershell Empire) (info.rules)
2831178 - ETPRO TROJAN SSL/TLS Certificate Observed (Ursnif) (trojan.rules)
2831179 - ETPRO TROJAN Observed Meterpreter Communications over TCP DNS (trojan.rules)
2831180 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-07 Domain (www .dfib .net in TLS SNI) (current_events.rules)
2831181 - ETPRO EXPLOIT Flash Player OOB Write (CVE-2018-5002) (exploit.rules)
2831182 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-07 2) (current_events.rules)
2831183 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone/Ursnif CnC) (trojan.rules)
2831184 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-06-07 (current_events.rules)
2831185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-07 1) (trojan.rules)
2831186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-07 2) (trojan.rules)
2831187 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-07 3) (trojan.rules)
2831188 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-07 4) (trojan.rules)
2831189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-07 5) (trojan.rules)
2831190 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-06-07 (current_events.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
2403300 - ET CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules)
2403301 - ET CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules)
2403302 - ET CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules)
2403303 - ET CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules)
2403304 - ET CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules)
2403305 - ET CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules)
2403306 - ET CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules)
2403307 - ET CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules)
2403308 - ET CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules)
2403309 - ET CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules)
2403310 - ET CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules)
2403311 - ET CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules)
2403312 - ET CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules)
2403313 - ET CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules)
2403314 - ET CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules)
2403315 - ET CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules)
2403316 - ET CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules)
2403317 - ET CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules)
2403318 - ET CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules)
2403319 - ET CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules)
2403320 - ET CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules)
2403321 - ET CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules)
2403322 - ET CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules)
2403323 - ET CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules)
2403324 - ET CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules)
2403325 - ET CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules)
2403326 - ET CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules)
2403327 - ET CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules)
2403328 - ET CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules)
2403329 - ET CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules)
2403330 - ET CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules)
2403331 - ET CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules)
2403332 - ET CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules)
2403333 - ET CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules)
2403334 - ET CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules)
2403335 - ET CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules)
2403336 - ET CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules)
2403337 - ET CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules)
2403338 - ET CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules)
2403339 - ET CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules)
2403340 - ET CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules)
2403341 - ET CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules)
2403342 - ET CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules)
2403343 - ET CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules)
2403344 - ET CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules)
2403345 - ET CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules)
2403346 - ET CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules)
2403347 - ET CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules)
2403348 - ET CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules)
2403349 - ET CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules)
2403350 - ET CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules)
2403351 - ET CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules)
2403352 - ET CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules)
2403353 - ET CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules)
2403354 - ET CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules)
2403355 - ET CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules)
2403356 - ET CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules)
2403357 - ET CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules)
2403358 - ET CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules)
2403359 - ET CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules)
2403360 - ET CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules)
2403361 - ET CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules)
2403362 - ET CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules)
2403363 - ET CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules)
2403364 - ET CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules)
2403365 - ET CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules)
2403366 - ET CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules)
2403367 - ET CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules)
2403368 - ET CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules)
2403369 - ET CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules)
2403370 - ET CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules)
2403371 - ET CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules)
2403372 - ET CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules)
2403373 - ET CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules)
2403374 - ET CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules)
2403375 - ET CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules)
2403376 - ET CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules)
2403377 - ET CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules)
2403378 - ET CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules)
2403379 - ET CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules)
2403380 - ET CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules)
2403381 - ET CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules)
2403382 - ET CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules)
2403383 - ET CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules)
2403384 - ET CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules)
2403385 - ET CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules)
2403386 - ET CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules)
2403387 - ET CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules)
2403388 - ET CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules)
2403389 - ET CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules)
2403390 - ET CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules)
2403391 - ET CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules)
2403392 - ET CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules)
2403393 - ET CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules)
2403394 - ET CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules)
2403395 - ET CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules)
2403396 - ET CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules)
2403397 - ET CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules)
2403398 - ET CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules)
2403399 - ET CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules)
2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules)
2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules)
2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules)
2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
2811044 - ETPRO TROJAN Unknown Checkin (trojan.rules)

[---]         Removed rules:         [---]

2828823 - ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) (trojan.rules)

Date: Thursday, June 7, 2018 - 00:00