[***] Summary: [***]
5 new Open, 27 new Pro (5 + 22). DNS Tunneling, Ursnif, Remcos, Various Phish.
[+++] Added rules: [+++]
Open:
2026416 - ET TROJAN Suspected DNS2TCP Auth (trojan.rules)
2026417 - ET TROJAN Suspected DNS2TCP Connect (trojan.rules)
2026418 - ET TROJAN Suspected fraud-bridge DNS Tunnel (trojan.rules)
2026419 - ET CURRENT_EVENTS Generic MRxJoker Phishing Landing 2018-09-27 (current_events.rules)
2026420 - ET INFO Generic 000webhostapp.com POST 2018-09-27 (set) (info.rules)
Pro:
2832827 - ETPRO MALWARE WebSearchy Browser Hijack Activity (malware.rules)
2832828 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Malicious VBS DL 2018-09-27) (current_events.rules)
2832829 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-09-27) (current_events.rules)
2832830 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2832831 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif DL 2018-09-27) (current_events.rules)
2832832 - ETPRO TROJAN Observed Malicious SSL Cert (Meterpreter CnC) (trojan.rules)
2832833 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
2832834 - ETPRO CURRENT_EVENTS Successful ANZ Phish 2018-09-27 (current_events.rules)
2832835 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2018-09-27 (current_events.rules)
2832836 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2018-09-27 M1 (current_events.rules)
2832837 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-09-27 (current_events.rules)
2832838 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-09-27 (current_events.rules)
2832839 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-09-27 (current_events.rules)
2832840 - ETPRO CURRENT_EVENTS Successful Generic SpamEgy Phish 2018-09-27 (current_events.rules)
2832841 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-09-27 (current_events.rules)
2832842 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2018-09-27 M2 (current_events.rules)
2832843 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-09-27 M1 (current_events.rules)
2832844 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-09-27 M2 (current_events.rules)
2832845 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish 2018-09-27 (current_events.rules)
2832846 - ETPRO CURRENT_EVENTS Successful Generic 000webhost Phish 2018-09-27 (current_events.rules)
2832847 - ETPRO TROJAN Win32/Remcos RAT Checkin 49 (trojan.rules)
2832848 - ETPRO TROJAN Win32/Remcos RAT Checkin 50 (trojan.rules)
[///] Modified active rules: [///]
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
2830346 - ETPRO TROJAN MSIL/Sentinel Keylogger Style IP Check (trojan.rules)
2831895 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish 2018-07-19 (current_events.rules)
2832774 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832775 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832776 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832777 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (trojan.rules)
2832778 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832779 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832780 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832781 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832782 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
[---] Disabled and modified rules: [---]
2829095 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) 2017-12-27 (current_events.rules)