[***]            Summary:            [***]

31 new Pro. OilRig BONDUPDATER, Base64 Encoded EXE, PowerEnum CnC, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Pro:

2833761 - ETPRO MOBILE_MALWARE Android/Rootnik-AI Checkin (mobile_malware.rules)
2833762 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 451 (mobile_malware.rules)
2833763 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.AVPass.k Checkin (mobile_malware.rules)
2833764 - ETPRO MOBILE_MALWARE Android/Hiddad.OK Checkin (mobile_malware.rules)
2833765 - ETPRO TROJAN OilRig BONDUPDATER C2 via DNS (trojan.rules)
2833766 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-03 1) (trojan.rules)
2833767 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-03 2) (trojan.rules)
2833768 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-03 3) (trojan.rules)
2833769 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-03 4) (trojan.rules)
2833770 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-03 5) (trojan.rules)
2833771 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-03 6) (trojan.rules)
2833772 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-03 7) (trojan.rules)
2833773 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-03 8) (trojan.rules)
2833774 - ETPRO TROJAN Base64 Encoded EXE Inbound via CertUtil Request M1 (trojan.rules)
2833775 - ETPRO TROJAN Base64 Encoded EXE Inbound via CertUtil Request M2 (trojan.rules)
2833776 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-12-03 (current_events.rules)
2833777 - ETPRO CURRENT_EVENTS Successful ICS International Card Services Phish 2018-12-03 (current_events.rules)
2833778 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-12-03 (current_events.rules)
2833779 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-12-03 (current_events.rules)
2833780 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2018-12-03 (current_events.rules)
2833781 - ETPRO CURRENT_EVENTS Successful Credit_Mutuel Phish 2018-12-03 (current_events.rules)
2833782 - ETPRO CURRENT_EVENTS Successful Paypal Billing Information Phish 2018-12-03 (current_events.rules)
2833783 - ETPRO CURRENT_EVENTS Successful Discover Phish 2018-12-03 (current_events.rules)
2833784 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish 2018-12-03 (current_events.rules)
2833785 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish 2018-12-03 (current_events.rules)
2833786 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-12-03 (current_events.rules)
2833787 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (PowerEnum CnC) (current_events.rules)
2833788 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (PowerEnum CnC) (current_events.rules)
2833789 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (PowerEnum CnC) (current_events.rules)
2833790 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (PowerEnum CnC) (current_events.rules)
2833791 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (APT28 CnC) (current_events.rules)

[///]     Modified active rules:     [///]

2826256 - ETPRO TROJAN Targeted PowerShell Retrieving Payload (trojan.rules)
2833438 - ETPRO TROJAN STOP Ransomware CnC Activity (trojan.rules)
2833603 - ETPRO MOBILE_MALWARE Android/Locker.PN Checkin (mobile_malware.rules)

[---]         Removed rules:         [---]

2020962 - ET TROJAN CozyDuke APT HTTP Checkin (trojan.rules)

Date: Monday, December 3, 2018 - 00:00