[***] Summary: [***]
3 new Open, 39 new Pro (3 + 36). MAPP, Win32/Backdoor.Androm.pzng, MalDoc SSL Certs, MSIL/CoinMiner.AEF, Various Mobile, Phishing.
April MAPP Coverage:
2831251 => CVE-2018-4945
2831252 => CVE-2018-5000
2831253 => CVE-2018-5001
[+++] Added rules: [+++]
Open:
2025588 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-06-11 (current_events.rules)
2025589 - ET MALWARE WiseCleaner Installed (PUA) (malware.rules)
2025590 - ET MALWARE Antibody Software Installed (PUA) (malware.rules)
Pro:
2831221 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-06-11 (current_events.rules)
2831222 - ETPRO CURRENT_EVENTS Successful Poloniex Phish 2018-06-11 (current_events.rules)
2831223 - ETPRO CURRENT_EVENTS Successful Generic Phish - Observed in OneDrive Phishing 2018-06-11 (current_events.rules)
2831224 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2018-06-11 (current_events.rules)
2831225 - ETPRO CURRENT_EVENTS Successful Generic Phish - Observed in Netflix Phishing 2018-06-11 (current_events.rules)
2831226 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 364 (mobile_malware.rules)
2831227 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-12) (current_events.rules)
2831228 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-12 2) (current_events.rules)
2831229 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-12 3 Domain (chemstride .com in TLS SNI) (current_events.rules)
2831230 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-12 4) (current_events.rules)
2831231 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-12 5 Domain (morgannancy001 .000webhostapp .com in TLS SNI) (current_events.rules)
2831232 - ETPRO TROJAN Observed Malicious SSL Cert (LockPOS CnC) (trojan.rules)
2831233 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-12 6) (current_events.rules)
2831234 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-12 7) (current_events.rules)
2831235 - ETPRO TROJAN Win32/TrojanDownloader.Autoit.OLY (trojan.rules)
2831236 - ETPRO TROJAN MSIL/CoinMiner.AEF CnC Checkin (trojan.rules)
2831237 - ETPRO TROJAN Win32/Backdoor.Androm.pzng Keep-Alive (Outbound) (trojan.rules)
2831238 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 1) (trojan.rules)
2831239 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 2) (trojan.rules)
2831240 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 3) (trojan.rules)
2831241 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 4) (trojan.rules)
2831242 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 5) (trojan.rules)
2831243 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 6) (trojan.rules)
2831244 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 7) (trojan.rules)
2831245 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 8) (trojan.rules)
2831246 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 9) (trojan.rules)
2831247 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 10) (trojan.rules)
2831248 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 11) (trojan.rules)
2831249 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 12) (trojan.rules)
2831250 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-12 13) (trojan.rules)
2831251 - ETPRO EXPLOIT Flash Player Type Confusion (CVE-2018-4945) (exploit.rules)
2831252 - ETPRO EXPLOIT Flash Player Integer Overflow Inbound (CVE-2018-5000) (exploit.rules)
2831253 - ETPRO EXPLOIT Flash Player OOB Read (CVE-2018-5001) (exploit.rules)
[///] Modified active rules: [///]
2011341 - ET TROJAN Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection (trojan.rules)
2018876 - ET POLICY DNS Query to .onion proxy Domain (onion.cab) (policy.rules)
2025221 - ET TROJAN Malicious Chrome Extension Click Fraud Activity via Websocket (trojan.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)
2831209 - ETPRO TROJAN Win32/Emotet CnC Checkin (POST) (trojan.rules)