[***] Summary: [***]
3 new Open, 21 new Pro (3 + 18). MageCart, Win32.Black.eoxqwe, Ursnif SSL, sLoad SSL.
[+++] Added rules: [+++]
Open:
2026684 - ET INFO Certificate with Unknown Content M2 (info.rules)
2026685 - ET CURRENT_EVENTS Observed DNS Query for MageCart Data Exfil Domain (current_events.rules)
2026686 - ET CURRENT_EVENTS Observed DNS Query for MageCart Data Exfil Domain (current_events.rules)
Pro:
2833792 - ETPRO TROJAN Win32.Black.eoxqwe Checkin (trojan.rules)
2833793 - ETPRO TROJAN Win32.Black.eoxqwe Checkin 2 (trojan.rules)
2833794 - ETPRO TROJAN PS.APT.PhishDoc.TR Checkin 2 Response (trojan.rules)
2833795 - ETPRO TROJAN Base64 Encoded Powershell Inbound via CertUtil Request M1 (trojan.rules)
2833796 - ETPRO TROJAN Base64 Encoded Powershell Inbound via CertUtil Request M2 (trojan.rules)
2833797 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif CnC) (current_events.rules)
2833798 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif CnC) (current_events.rules)
2833799 - ETPRO TROJAN Win32/GodNet CnC Checkin (trojan.rules)
2833800 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif CnC) (current_events.rules)
2833801 - ETPRO TROJAN GO/Zebrocy Downloader CnC Checkin (trojan.rules)
2833802 - ETPRO TROJAN Win32/Remcos RAT Checkin 79 (trojan.rules)
2833803 - ETPRO TROJAN PS.APT.PhishDoc.TR Checkin (trojan.rules)
2833804 - ETPRO TROJAN PS.APT.PhishDoc.TR Checkin 2 (trojan.rules)
2833805 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-04 1) (trojan.rules)
2833806 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-04 2) (trojan.rules)
2833807 - ETPRO TROJAN Astaroth Checkin (trojan.rules)
2833808 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC) (trojan.rules)
2833809 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC) (trojan.rules)
[///] Modified active rules: [///]
2026649 - ET INFO Certificate with Unknown Content M1 (info.rules)
2827808 - ETPRO TROJAN Backdoor/MSM Stealer Checkin (trojan.rules)
2828254 - ETPRO TROJAN MSIL/SCCracker CnC Check-in (trojan.rules)
2832364 - ETPRO TROJAN MSIL/Lendme Stealer Checkin (trojan.rules)