[***]            Summary:            [***]

28 new Pro. MSIL/BoseBot, Win32.Kolovorot, Win32/RovnixLoader, Various Phish.

[+++]          Added rules:          [+++]

Pro:

2831725 - ETPRO WEB_SPECIFIC_APPS cmd powershell base64 encoded to Web Server 1 (web_specific_apps.rules)
2831726 - ETPRO WEB_SPECIFIC_APPS cmd powershell base64 encoded to Web Server 2 (web_specific_apps.rules)
2831727 - ETPRO WEB_SPECIFIC_APPS cmd powershell base64 encoded to Web Server 3 (web_specific_apps.rules)
2831728 - ETPRO WEB_SPECIFIC_APPS GitStack - Unsanitized Argument Remote Code Execution (web_specific_apps.rules)
2831729 - ETPRO EXPLOIT ZyXEL PK5001Z Backdoor Account Used By HNS Inbound (CVE-2016-10401) (exploit.rules)
2831730 - ETPRO TROJAN Win32/RovnixLoader Checkin M2 (trojan.rules)
2831731 - ETPRO MALWARE PUP.W32.Regaid.KR Checkin via MySQL (malware.rules)
2831732 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Phish 2018-07-12 (current_events.rules)
2831733 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-07-12 (current_events.rules)
2831734 - ETPRO CURRENT_EVENTS Successful International Card Services Phish 2018-07-12 (current_events.rules)
2831735 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-07-12 (current_events.rules)
2831736 - ETPRO CURRENT_EVENTS Successful Banco do Estado de Sergipe S.A. Phish 2018-07-12 (current_events.rules)
2831737 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-07-12 (current_events.rules)
2831738 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2018-07-12 (current_events.rules)
2831739 - ETPRO TROJAN Win32.Kolovorot Checkin M1 (trojan.rules)
2831740 - ETPRO CURRENT_EVENTS Successful Possible Excel Online Phish 2018-07-12 (current_events.rules)
2831741 - ETPRO CURRENT_EVENTS Successful TSB Banking Phish 2018-07-12 (current_events.rules)
2831742 - ETPRO CURRENT_EVENTS Successful Bank Austria Phish 2018-07-12 (current_events.rules)
2831743 - ETPRO CURRENT_EVENTS Successful Stripe Banking Phish 2018-07-12 (current_events.rules)
2831744 - ETPRO EXPLOIT SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution (exploit.rules)
2831745 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-12) (trojan.rules)
2831746 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-12 1) (trojan.rules)
2831747 - ETPRO TROJAN MSIL/BoseBot CnC Checkin (trojan.rules)
2831748 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-12 2) (trojan.rules)
2831749 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-12 3) (trojan.rules)
2831750 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-12 4) (trojan.rules)
2831751 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-12 5) (trojan.rules)
2831752 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-12 6) (trojan.rules)

[///]     Modified active rules:     [///]

2022658 - ET CURRENT_EVENTS Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest) (current_events.rules)
2808245 - ETPRO TROJAN Win32.Agent.agpdx Checkin (trojan.rules)
2830220 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-04-02 (current_events.rules)

Date: Wednesday, July 11, 2018 - 22:00