[***]            Summary:            [***]

2 new Open, 13 new Pro (2 + 11). Various Phish, Various Coinminer, Various MalDocs.

[+++]          Added rules:          [+++]

Open:

2025593 - ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) M2 (web_server.rules)
2025594 - ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) M3 (web_server.rules)

Pro:

2831284 - ETPRO TROJAN Remcos RAT Checkin 21 (trojan.rules)
2831285 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-15 Domain (idontknow .moe in TLS SNI) (current_events.rules)
2831286 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-15 2) (current_events.rules)
2831287 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 1) (trojan.rules)
2831288 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 2) (trojan.rules)
2831289 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 3) (trojan.rules)
2831290 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 4) (trojan.rules)
2831291 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 5) (trojan.rules)
2831292 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-06-15 (current_events.rules)
2831293 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-06-15 (current_events.rules)
2831294 - ETPRO TROJAN MSIL.Unfinished.RAT Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2012587 - ET TROJAN BlackshadesRAT Reporting (trojan.rules)
2013938 - ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) M1 (web_server.rules)
2024792 - ET POLICY Cryptocurrency Miner Checkin (policy.rules)
2807955 - ETPRO TROJAN Win32/Injector.Autoit.ZZ (trojan.rules)

Date: 
Thursday, June 14, 2018 - 22:00