[***]            Summary:            [***]

3 new Open, 18 new Pro (3 + 15). Fake Flash, QwertMiner, Various Phish, TIIF.

[+++]          Added rules:          [+++]

Open:

2026463 - ET SCAN StarDotStar HELO, suspected AUTH LOGIN botnet (scan.rules)
2026474 - ET CURRENT_EVENTS Fake FlashPlayer Update Leading to CoinMiner M1 2018-10-12 (current_events.rules)
2026475 - ET CURRENT_EVENTS Fake FlashPlayer Update Leading to CoinMiner M2 2018-10-12 (current_events.rules)

Pro:

2833077 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-10-12 (current_events.rules)
2833078 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-10-12 (current_events.rules)
2833079 - ETPRO CURRENT_EVENTS Successful Credit Mutuel Phish 2018-10-12 (current_events.rules)
2833080 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-10-12 (current_events.rules)
2833081 - ETPRO CURRENT_EVENTS Successful Office_365 Phish 2018-10-12 (current_events.rules)
2833082 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-10-12 (current_events.rules)
2833083 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2018-10-12 (current_events.rules)
2833084 - ETPRO TROJAN Win32/QwertMiner CoinMiner Dropper CnC Checkin M2 (trojan.rules)
2833085 - ETPRO TROJAN Win32/QwertMiner Suspicious HTTP Header (Gkjfdshfkjjd) (trojan.rules)
2833086 - ETPRO TROJAN Win32/QwertMiner Suspicious HTTP Header (Fdhgsajhhghasg) (trojan.rules)
2833087 - ETPRO USER_AGENTS Win32/QwertMiner Suspicious UA (jdlnb) (user_agents.rules)
2833088 - ETPRO USER_AGENTS Win32/QwertMiner Suspicious UA (hvczxvbxvvnxzbvnb) (user_agents.rules)
2833089 - ETPRO MALWARE Win32/Unk.PUA Receiving Payload Country Distribution Config (malware.rules)
2833090 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group/More_Eggs CnC Domain) (trojan.rules)
2833091 - ETPRO TROJAN Cobalt Group/More_eggs DNS Lookup (fundswp .com) (trojan.rules)

[///]     Modified active rules:     [///]

2829378 - ETPRO TROJAN Win32/QwertMiner CoinMiner Dropper CnC Checkin M1 (trojan.rules)
2832577 - ETPRO TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)

[---]         Removed rules:         [---]

2026463 - ET CURRENT_EVENTS StarDotStar HELO, suspected AUTH LOGIN botnet (current_events.rules)

Date: 
Friday, October 12, 2018 - 00:00