[***]            Summary:            [***]

1 new Open, 40 new Pro (1 + 39). Nemours RAT, Zebrocy, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026683 - ET TROJAN MSIL APT28 Zebrocy/Zekapab Reporting to CnC (trojan.rules)

Pro:

2833722 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.GZ Contact Exfil via SMTP (mobile_malware.rules)
2833723 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.AW Contact Exfil via SMTP (mobile_malware.rules)
2833724 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.bj Contact Exfil via SMTP (mobile_malware.rules)
2833725 - ETPRO MOBILE_MALWARE Android/GoldenTouch.A!tr Reporting Infection via SMTP 2 (mobile_malware.rules)
2833726 - ETPRO MOBILE_MALWARE Android.Spy.120.origin Reporting Infection via SMTP (mobile_malware.rules)
2833727 - ETPRO MOBILE_MALWARE Android/Spy.Agent.FX Reporting Infection via SMTP (mobile_malware.rules)
2833728 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.AW Reporting Infection via SMTP (mobile_malware.rules)
2833729 - ETPRO MOBILE_MALWARE Android.Trojan.JSmsHider.n Reporting Infection via SMTP (mobile_malware.rules)
2833730 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.AE Reporting Infection via SMTP (mobile_malware.rules)
2833731 - ETPRO TROJAN Win32/LittleTimmy CnC Beacon (trojan.rules)
2833732 - ETPRO MOBILE_MALWARE Android.Monitor.Cansy.A CnC Beacon (mobile_malware.rules)
2833733 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 450 (mobile_malware.rules)
2833734 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 1) (trojan.rules)
2833735 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 2) (trojan.rules)
2833736 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 3) (trojan.rules)
2833737 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 4) (trojan.rules)
2833738 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 5) (trojan.rules)
2833739 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-30 6) (trojan.rules)
2833740 - ETPRO TROJAN Nemours RAT CnC Checkin (trojan.rules)
2833741 - ETPRO TROJAN Nemours RAT Command - Start (trojan.rules)
2833742 - ETPRO TROJAN Unk.Stealer Checkin via FTP (trojan.rules)
2833743 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-30) (current_events.rules)
2833744 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-30 2) (current_events.rules)
2833745 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2833746 - ETPRO MALWARE AdPoshel Adware Variant (malware.rules)
2833747 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-11-30 (current_events.rules)
2833748 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2018-11-30 (current_events.rules)
2833749 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-11-30 (current_events.rules)
2833750 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-11-30 (current_events.rules)
2833751 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish 2018-11-30 (current_events.rules)
2833752 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-11-30 (current_events.rules)
2833753 - ETPRO CURRENT_EVENTS Successful Paypal Credit Card Information Phish 2018-11-30 (current_events.rules)
2833754 - ETPRO CURRENT_EVENTS Hex Encoded PowerShell Command Containing Base64 Payload Inbound 2018-11-30 (current_events.rules)
2833755 - ETPRO CURRENT_EVENTS PowerShell Command with Hex Encoded Spaces Inbound (current_events.rules)
2833756 - ETPRO TROJAN MSIL/PartsMiner Downloader CnC Checkin (trojan.rules)
2833757 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (BrushaLoader CnC) (current_events.rules)
2833758 - ETPRO CURRENT_EVENTS BrushaLoader CnC Domain in SNI (current_events.rules)
2833759 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (CobaltStrike CnC) (current_events.rules)
2833760 - ETPRO CURRENT_EVENTS PowerShell Reflective Shellcode Loader Inbound 2018-11-30 (current_events.rules)

[///]     Modified active rules:     [///]

2831005 - ETPRO POLICY Observed Suspicious SSL Cert (Possible KnowBe4 Phish Training) (policy.rules)
2832865 - ETPRO POLICY KnowBe4 Phish Training HTTP Request (policy.rules)
2833613 - ETPRO CURRENT_EVENTS Invoke Obfuscated PowerShell Inbound 2018-11-23 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2801369 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 138 1 (netbios.rules)
2801370 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 138 2 (netbios.rules)
2801371 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 139 (netbios.rules)
2801372 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow SMB (netbios.rules)
2801374 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 1 (netbios.rules)
2801375 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 2 (netbios.rules)
2801376 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 139 (netbios.rules)
2801377 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal SMB (netbios.rules)

Date: Friday, November 30, 2018 - 00:00