[***]            Summary:            [***]

22 new Pro. JS/BrushaLoader, SSL Certs, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

2833458 - ETPRO MOBILE_MALWARE Android/Hiddad.SY Checkin (mobile_malware.rules)
2833459 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2018-11-06 (current_events.rules)
2833460 - ETPRO CURRENT_EVENTS Successful Desjardin Phish 2018-11-06 (current_events.rules)
2833461 - ETPRO CURRENT_EVENTS Successful Stellar Phish 2018-11-06 M1 (current_events.rules)
2833462 - ETPRO CURRENT_EVENTS Successful Generic Mail Update Phish 2018-11-06 (current_events.rules)
2833463 - ETPRO CURRENT_EVENTS Successful Stellar Phish 2018-11-06 M2 (current_events.rules)
2833464 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-11-06 (current_events.rules)
2833465 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2018-11-06 (current_events.rules)
2833466 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-11-06 (current_events.rules)
2833467 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC) (trojan.rules)
2833468 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2833469 - ETPRO CURRENT_EVENTS JS/BrushaLoader Successful CnC Checkin Response M2 (current_events.rules)
2833470 - ETPRO CURRENT_EVENTS JS/BrushaLoader Additional VBS Payload Inbound (current_events.rules)
2833471 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2833472 - ETPRO CURRENT_EVENTS PowerShell Downloader Saving Payload to AppData Inbound Over Raw TCP (current_events.rules)
2833473 - ETPRO CURRENT_EVENTS PowerShell Loader with Wide Base64 Encoded Stage 2 Inbound Over Raw TCP (current_events.rules)
2833474 - ETPRO CURRENT_EVENTS PowerShell Executing DLL from AppData Inbound Over Raw TCP (current_events.rules)
2833475 - ETPRO INFO Possible System Enumeration via PowerShell over TCP (Win32_ComputerSystem) (info.rules)
2833476 - ETPRO INFO Possible System Enumeration via PowerShell over TCP (OS Install Date) (info.rules)
2833477 - ETPRO INFO Possible System Enumeration via PowerShell over TCP (System Language) (info.rules)
2833478 - ETPRO INFO Possible System Enumeration via PowerShell over TCP (Win32_VideoController) (info.rules)
2833479 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2025918 - ET TROJAN Observed Malicious SSL Cert (MICROPSIA CnC Domain) (trojan.rules)
2026486 - ET POLICY DNS Lookup for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2026538 - ET TROJAN Possible APT29 CozyBear/SeaDaddy SSL/TLS Certificate Observed (trojan.rules)
2026573 - ET TROJAN APT33/CharmingKitten DDNS Overlap Domain in DNS Lookup M1 (trojan.rules)
2026574 - ET TROJAN APT33/CharmingKitten DDNS Overlap Domain in DNS Lookup M2 (trojan.rules)
2801369 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 138 1 (netbios.rules)
2801370 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 138 2 (netbios.rules)
2801371 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 139 (netbios.rules)
2801372 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow SMB (netbios.rules)
2801373 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow CIFS (netbios.rules)
2801374 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 1 (netbios.rules)
2801375 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 2 (netbios.rules)
2801376 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 139 (netbios.rules)
2801377 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal SMB (netbios.rules)
2832048 - ETPRO CURRENT_EVENTS JS/BrushaLoader Successful CnC Checkin Response M1 (current_events.rules)

Date: Tuesday, November 6, 2018 - 00:00