[***]            Summary:            [***]

3 new Open, 19 new Pro (3 + 16). DanaBot Email Harvesting, ServHelper SSL Certs, Ursnif CnC Beacons, Novidade EK.

[+++]          Added rules:          [+++]

2026719 - ET WEB_SERVER HP Intelligent Management Java Deserialization RCE Attempt (web_server.rules)
2026720 - ET TROJAN Win32/DanaBot Harvesting Email Addresses 2 (trojan.rules)
2026721 - ET TROJAN Win32/DanaBot Harvesting Email Addresses 1 (trojan.rules)
2833876 - ETPRO TROJAN MSIL.Cordis.Stealer Checkin via FTP (trojan.rules)
2833877 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-11 1) (trojan.rules)
2833878 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-11 2) (trojan.rules)
2833879 - ETPRO MALWARE PUP.OptimizerPro Checkin 2 (malware.rules)
2833880 - ETPRO MALWARE Win32/Adload.NTZ Checkin (malware.rules)
2833881 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2833882 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2833883 - ETPRO TROJAN Ursnif Variant CnC Beacon 11 M1 (trojan.rules)
2833884 - ETPRO TROJAN Ursnif Variant CnC Beacon 11 M2 (trojan.rules)
2833885 - ETPRO TROJAN Win32/HentaiBot Keep-Alive via WebSockets (trojan.rules)
2833886 - ETPRO TROJAN Win32/HentaiBot Inbound Attack Command from CnC (trojan.rules)
2833887 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC) (trojan.rules)
2833888 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in DNS Lookup (trojan.rules)
2833889 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in SNI (trojan.rules)
2833890 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 4 (apaoskdpoaskdpoaskdpaoskdpoaksqwoiejiqjwei) (trojan.rules)
2833891 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 5 (opkqpowekdasdoaijsdoiiowqewqewowekkjndkjansdka) (trojan.rules)

[///]     Modified active rules:     [///]

2831994 - ETPRO POLICY Possible Coin Miner Downloader Retrieving Payload (cpu64) (policy.rules)
2833557 - ETPRO CURRENT_EVENTS Novidade EK JS DNSChanger Initial Landing Page 2018-11-14 (current_events.rules)
2833558 - ETPRO CURRENT_EVENTS Novidade EK JS DNSChanger Base64 Attack Modules Landing Page 2018-11-14 (current_events.rules)
2833559 - ETPRO CURRENT_EVENTS Possible Novidade EK Attempting Intranet Router Compromise M1 (current_events.rules)
2833560 - ETPRO CURRENT_EVENTS Possible Novidade EK Attempting Intranet Router Compromise M2 (current_events.rules)
2833561 - ETPRO CURRENT_EVENTS Possible Novidade EK Attempting Intranet Router Compromise M3 (current_events.rules)
2833562 - ETPRO CURRENT_EVENTS Possible Novidade EK Attempting Intranet Router Compromise M4 (current_events.rules)
2833563 - ETPRO CURRENT_EVENTS Possible Novidade EK Attempting Intranet Router Compromise M5 (current_events.rules)
2833564 - ETPRO CURRENT_EVENTS Possible Novidade EK Attempting Intranet Router Compromise M6 (Bruteforce) (current_events.rules)
2833565 - ETPRO CURRENT_EVENTS Possible Novidade EK Attempting Intranet Router Compromise M7 (Bruteforce) (current_events.rules)
2833566 - ETPRO CURRENT_EVENTS Possible Novidade EK Attempting Intranet Router Compromise M8 (Bruteforce) (current_events.rules)
2833567 - ETPRO CURRENT_EVENTS Possible Novidade EK Attempting Intranet Router Compromise M9 (Bruteforce) (current_events.rules)
2833875 - ETPRO POLICY External IP Check (policy.rules)

Date: Monday, December 10, 2018 - 22:00