[***]            Summary:            [***]

4 new Open, 41 new Pro (4 + 37). Locky CnC, MSIL/Ursa.Loader, Goldeneye, Coalabot, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026514 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.live) (trojan.rules)
2026515 - ET INFO Suspicious Redirect to Download EXE from Bitbucket (info.rules)
2026516 - ET CURRENT_EVENTS Possible Successful Phish - Generic Credential POST to Ngrok.io (current_events.rules)
2026517 - ET TROJAN Locky CnC Checkin (trojan.rules)

Pro:

2833135 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-17 1) (trojan.rules)
2833136 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-17 2) (trojan.rules)
2833137 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-17 3) (trojan.rules)
2833138 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-17 4) (trojan.rules)
2833139 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833140 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833141 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833142 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833143 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833144 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833145 - ETPRO TROJAN Gootkit C2 Domain DNS Lookup (trojan.rules)
2833146 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833147 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833148 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833149 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833150 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833151 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833152 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833153 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2833154 - ETPRO TROJAN Remcos RAT Checkin 74 (trojan.rules)
2833155 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-17) (current_events.rules)
2833156 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-17 2) (current_events.rules)
2833157 - ETPRO TROJAN MSIL/Ursa.Loader Requesting Obfuscated Payload M3 (trojan.rules)
2833158 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish 2018-10-17 (current_events.rules)
2833159 - ETPRO CURRENT_EVENTS Successful Paypal Credit Card Information Phish 2018-10-17 (current_events.rules)
2833160 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-10-17 (current_events.rules)
2833161 - ETPRO CURRENT_EVENTS Successful Generic Banking Information Phish 2018-10-17 (current_events.rules)
2833162 - ETPRO CURRENT_EVENTS Successful 1&1 Hosting Phish 2018-10-17 (current_events.rules)
2833163 - ETPRO CURRENT_EVENTS Successful Impots.Gouv.fr Phish 2018-10-17 (current_events.rules)
2833164 - ETPRO TROJAN Goldeneye PWS - Initial Check-in (trojan.rules)
2833165 - ETPRO TROJAN Goldeneye PWS - Receive Commands Upon Join (trojan.rules)
2833166 - ETPRO TROJAN Goldeneye PWS - Active Window (trojan.rules)
2833167 - ETPRO TROJAN Goldeneye PWS - Recovering Passwords (trojan.rules)
2833168 - ETPRO TROJAN DarkComet-RAT Activity (trojan.rules)
2833169 - ETPRO TROJAN Coalabot CnC Check-in (trojan.rules)
2833170 - ETPRO TROJAN Coalabot Fake 404 Response (trojan.rules)
2833171 - ETPRO INFO Dynamic DNS Provider DNS Lookup (gotdns .ch) (info.rules)

[///]     Modified active rules:     [///]

2025496 - ET TROJAN Observed GandCrab Payment Domain (gandcrab in DNS Lookup) (trojan.rules)
2026486 - ET POLICY DNS Lookup for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2026487 - ET POLICY Request for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2828489 - ETPRO TROJAN FlawedGrace CnC Activity (trojan.rules)

[---]  Disabled and modified rules:  [---]

2026440 - ET TROJAN NCSC APT28 - CompuTrace_Beacon_UserAgent (trojan.rules)

Date: Wednesday, October 17, 2018 - 00:00