[***]            Summary:            [***]

5 new Open, 31 new Pro (5 + 26). Lazarus Downloader, Sharik/Smoke CnC Update, PoshAdvisor Cert, MAFIA Ransomware, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2007821 - ET USER_AGENTS Suspicious User-Agent (HTTP_CONNECT_) (user_agents.rules)
2025990 - ET TROJAN SSL Cert Associated with Lazarus Downloader (JEUSD) (trojan.rules)
2025991 - ET TROJAN Lazarus Downloader (JEUSD) CnC Beacon (trojan.rules)
2025992 - ET EXPLOIT Possible ETERNALBLUE Probe MS17-010 (Generic Flags) (exploit.rules)
2025993 - ET TROJAN Sharik/Smoke CnC Beacon 11 (trojan.rules)

Pro:

2832179 - ETPRO CURRENT_EVENTS Successful 163 Phish 2018-08-15 (current_events.rules)
2832180 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-08-15 (current_events.rules)
2832181 - ETPRO CURRENT_EVENTS Successful Secure Cloud Files Phish 2018-08-15 (current_events.rules)
2832182 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-08-15 (current_events.rules)
2832183 - ETPRO TROJAN PoshAdvisor SSL/TLS Certificate Observed (trojan.rules)
2832184 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-08-15 (current_events.rules)
2832185 - ETPRO TROJAN Win32/MAFIA Ransomware Checkin (trojan.rules)
2832186 - ETPRO TROJAN Win32/MAFIA Ransomware CnC Onion Domain (trojan.rules)
2832187 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-08-15 (current_events.rules)
2832188 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-08-15 M1 (current_events.rules)
2832189 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-08-15 M2 (current_events.rules)
2832190 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-08-15) (current_events.rules)
2832191 - ETPRO CURRENT_EVENTS Successful Securecode Phish 2018-08-15 (current_events.rules)
2832192 - ETPRO CURRENT_EVENTS Successful Personalized Onedrive Phish 2018-08-15 (current_events.rules)
2832193 - ETPRO TROJAN Arkei Stealer HTTP POST Pattern (trojan.rules)
2832194 - ETPRO TROJAN MSIL/Simple Miner CnC Activity (trojan.rules)
2832195 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-08-15 2) (current_events.rules)
2832196 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-08-15 3) (current_events.rules)
2832197 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-08-15 4) (current_events.rules)
2832198 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AGY C2 Response (mobile_malware.rules)
2832199 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-15 1) (trojan.rules)
2832200 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-15 2) (trojan.rules)
2832201 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-15 3) (trojan.rules)
2832202 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-15 4) (trojan.rules)
2832203 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-15 5) (trojan.rules)
2832204 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-15 6) (trojan.rules)

[///]     Modified active rules:     [///]

2025431 - ET TROJAN Arkei Stealer Client Data Upload (trojan.rules)
2025649 - ET EXPLOIT Possible ETERNALBLUE Probe MS17-010 (MSF style) (exploit.rules)
2025650 - ET EXPLOIT ETERNALBLUE Probe Vulnerable System Response MS17-010 (exploit.rules)

[---]         Removed rules:         [---]

2007821 - ET MALWARE Rabio.com Related Adware/Spyware User-Agent (HTTP_CONNECT_2) (malware.rules)

Date: Tuesday, August 14, 2018 - 22:00