[***]            Summary:            [***]

8 new Open, 39 new Pro (8 + 31). StrongPity, Powerstats, Coinminers, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026649 - ET INFO Certificate with Unknown Content (info.rules)
2026650 - ET CURRENT_EVENTS Generic Xbalti Phishing Landing 2018-11-26 (current_events.rules)
2026651 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity Domain) (current_events.rules)
2026652 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity Domain) (current_events.rules)
2026653 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity Domain) (current_events.rules)
2026654 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity Domain) (current_events.rules)
2026655 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity Domain) (current_events.rules)
2026656 - ET CURRENT_EVENTS Observed Malicious SSL Cert (StrongPity Domain) (current_events.rules)

Pro:

2833620 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity Checkin (trojan.rules)
2833621 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity (info) (trojan.rules)
2833622 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity (OK) (trojan.rules)
2833623 - ETPRO TROJAN W32.HTTP.Stager Checkin M1 (trojan.rules)
2833624 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 1) (trojan.rules)
2833625 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 2) (trojan.rules)
2833626 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 3) (trojan.rules)
2833627 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 4) (trojan.rules)
2833628 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 5) (trojan.rules)
2833629 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 6) (trojan.rules)
2833630 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 7) (trojan.rules)
2833631 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 8) (trojan.rules)
2833632 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 9) (trojan.rules)
2833633 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 10) (trojan.rules)
2833634 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 11) (trojan.rules)
2833635 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 12) (trojan.rules)
2833636 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 13) (trojan.rules)
2833637 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 14) (trojan.rules)
2833638 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 15) (trojan.rules)
2833639 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 16) (trojan.rules)
2833640 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 17) (trojan.rules)
2833641 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 18) (trojan.rules)
2833642 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-26 19) (trojan.rules)
2833643 - ETPRO TROJAN Cobalt Strike Malleable C2 JQuery Custom Profile (trojan.rules)
2833644 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2833645 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload 2018-11-26 (current_events.rules)
2833646 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-11-26 (current_events.rules)
2833647 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2018-11-26 (current_events.rules)
2833648 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-11-26 (current_events.rules)
2833649 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2018-11-26 (current_events.rules)
2833650 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-11-26 (current_events.rules)

[///]     Modified active rules:     [///]

2814467 - ETPRO TROJAN ZxShell WinVNC Command (trojan.rules)
2833520 - ETPRO TROJAN Observed Malicious SSL Cert (SocGholish Redirect) (trojan.rules)

[---]  Disabled and modified rules:  [---]

2811213 - ETPRO TROJAN Trojan/Win32.Banload Config Download Response (trojan.rules)

Date: Monday, November 26, 2018 - 00:00