[***]            Summary:            [***]

15 new Open, 36 new Pro (15 + 21). Octopus Malware, MICROPSIA, SuckLoader, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026537 - ET POLICY Suspicious EXE Download Content-Type image/jpeg (policy.rules)
2026538 - ET TROJAN Possible CozyBear/SeaDaddy SSL/TLS Certificate Observed (trojan.rules)
2026539 - ET TROJAN Possible APT28 DOC Uploader SSL/TLS Certificate Observed (trojan.rules)
2026540 - ET TROJAN Possible DarkTequila SSL/TLS Certificate Observed (trojan.rules)
2026541 - ET TROJAN Octopus Malware Initial Connectivity Check (trojan.rules)
2026542 - ET TROJAN Octopus Malware CnC Server Request (trojan.rules)
2026543 - ET TROJAN Octopus Malware CnC Server Connectivity Check (trojan.rules)
2026544 - ET TROJAN Octopus Malware CnC Activity (trojan.rules)
2026545 - ET TROJAN Sidewinder Stage 2 VBS Downloader Reporting Successful Infection (trojan.rules)
2026546 - ET TROJAN MICROPSIA CnC Domain Observed in SNI (samwinchester .club) (trojan.rules)
2026547 - ET TROJAN MICROPSIA HTTP Failover CnC Checkin (trojan.rules)
2026548 - ET TROJAN MICROPSIA HTTP Failover Response M1 (trojan.rules)
2026549 - ET TROJAN MICROPSIA HTTP Failover Response M2 (trojan.rules)
2026550 - ET TROJAN MICROPSIA Sending JPG Screenshot to CnC with .his Extension (trojan.rules)
2026551 - ET TROJAN MICROPSIA HTTP Failover Reporting Infected System Information and RAT Version (trojan.rules)

Pro:

2833257 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 448 (mobile_malware.rules)
2833258 - ETPRO TROJAN PoshAdvisor SSL/TLS Certificate Observed (trojan.rules)
2833259 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-24 1) (trojan.rules)
2833260 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-24 2) (trojan.rules)
2833261 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-24 3) (trojan.rules)
2833262 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-24 4) (trojan.rules)
2833263 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-24 5) (trojan.rules)
2833264 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-24 6) (trojan.rules)
2833265 - ETPRO TROJAN MSIL/Ersio CnC Checkin (trojan.rules)
2833266 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-24) (current_events.rules)
2833267 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda Banker CnC) (trojan.rules)
2833268 - ETPRO TROJAN SuckLoader CnC Checkin (trojan.rules)
2833269 - ETPRO USER_AGENTS SuckLoader User-Agent Observed (user_agents.rules)
2833270 - ETPRO USER_AGENTS SuckLoader User-Agent Observed 2 (user_agents.rules)
2833271 - ETPRO CURRENT_EVENTS Successful Onedrive/Document Sharing Phish 2018-10-24 (current_events.rules)
2833272 - ETPRO CURRENT_EVENTS Successful PNC Bank Phish 2018-10-24 (current_events.rules)
2833273 - ETPRO CURRENT_EVENTS Successful Generic 000webhostapp Phish 2018-10-24 (current_events.rules)
2833274 - ETPRO CURRENT_EVENTS Successful Generic Bank Account Information Phish 2018-10-24 (current_events.rules)
2833275 - ETPRO CURRENT_EVENTS Successful UBS Credit Card Information Phish (DE) 2018-10-24 (current_events.rules)
2833276 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2018-10-24 (current_events.rules)
2833277 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-10-24 (current_events.rules)

[///]     Modified active rules:     [///]

2026047 - ET CURRENT_EVENTS Generic Multi-Email Phishing Landing 2018-08-30 (current_events.rules)
2026525 - ET TROJAN Win32/BlackCarat XORed (0x77) CnC Checkin (trojan.rules)
2828578 - ETPRO MOBILE_MALWARE Android Bankbot CnC Beacon (mobile_malware.rules)

[---]         Removed rules:         [---]

2833248 - ETPRO POLICY Suspicious EXE Download Content-Type image/jpeg (policy.rules)

Date: Wednesday, October 24, 2018 - 00:00