[***]            Summary:            [***]

1 new Open, 33 new Pro (1 + 32). Remcos, Babylon, RovnixLoader, Nozelesn, Various Mobile.

Thanks: James Lay

[+++]          Added rules:          [+++]

Open:

2025632 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-06-29 (current_events.rules)

Pro:

2831486 - ETPRO CURRENT_EVENTS Successful Generic Location.replace Phish 2018-06-29 (current_events.rules)
2831487 - ETPRO TROJAN Remcos RAT Checkin 22 (trojan.rules)
2831488 - ETPRO TROJAN Babylon RAT CnC Checkin 1 (trojan.rules)
2831489 - ETPRO TROJAN Win32/RovnixLoader CnC Checkin 2 (trojan.rules)
2831490 - ETPRO TROJAN NSIS/Agent.NBZ CnC Checkin (trojan.rules)
2831491 - ETPRO TROJAN Win32/Agent.QGZR CnC Checkin (trojan.rules)
2831492 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.GinMaster.b Uploading System Log (mobile_malware.rules)
2831493 - ETPRO EXPLOIT VMware NSX SD-WAN Command Injection (exploit.rules)
2831494 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC Domain) (trojan.rules)
2831495 - ETPRO EXPLOIT VMware NSX SD-WAN Command Injection 2 (exploit.rules)
2831496 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 373 (mobile_malware.rules)
2831497 - ETPRO TROJAN Nozelesn Ransomware .onion Payment Domain DNS Lookup (trojan.rules)
2831498 - ETPRO EXPLOIT Geutebruck Remote Command Execution (exploit.rules)
2831499 - ETPRO CURRENT_EVENTS Brazilian Downloader Landing Page M1 2018-07-02 (current_events.rules)
2831500 - ETPRO CURRENT_EVENTS Brazilian Downloader Landing Page M2 2018-07-02 (current_events.rules)
2831501 - ETPRO TROJAN Possible Brazilian Downloader ZIP/EXE Request 2018-07-02 (trojan.rules)
2831502 - ETPRO TROJAN Possible Brazilian Downloader EXE Request 2018-07-02 (trojan.rules)
2831503 - ETPRO TROJAN W32/Chthonic CnC Domain (amellet .bit in DNS Lookup) (trojan.rules)
2831504 - ETPRO TROJAN W32/Chthonic CnC Domain (aprode .bit in DNS Lookup) (trojan.rules)
2831505 - ETPRO TROJAN W32/Chthonic CnC Domain (ponedobla .bit in DNS Lookup) (trojan.rules)
2831506 - ETPRO WEB_SPECIFIC_APPS Dolibarr ERP CRM PHP Code Injection (web_specific_apps.rules)
2831507 - ETPRO WEB_SPECIFIC_APPS DAMICMS Cross-Site Request Forgery (Add Admin) (web_specific_apps.rules)
2831508 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-02 1) (trojan.rules)
2831509 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-02 2) (trojan.rules)
2831510 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-02 3) (trojan.rules)
2831511 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-02 4) (trojan.rules)
2831512 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-02 5) (trojan.rules)
2831513 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-02 6) (trojan.rules)
2831514 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-02 7) (trojan.rules)
2831515 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-02 8) (trojan.rules)
2831516 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-02 9) (trojan.rules)
2831517 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-02 10) (trojan.rules)

[///]     Modified active rules:     [///]

2830822 - ETPRO CURRENT_EVENTS Observed MalDoc Retrieving EXE Payload 2018-05-14 (current_events.rules)
2831460 - ETPRO TROJAN Win32/RovnixLoader CnC Checkin 1 (trojan.rules)

Date: Sunday, July 1, 2018 - 22:00