[***]            Summary:            [***]

6 new Open, 24 new Pro (6 + 18). Shamoon v3 Propagation, APT-C-35, ServHelper SocEng DNS, Various Phish.

[+++]          Added rules:          [+++]

2026728 - ET TROJAN Donot (APT-C-35) Stage 1 Requesting Persistence Setup File (trojan.rules)
2026729 - ET TROJAN Donot (APT-C-35) Stage 1 Requesting Main Payload (trojan.rules)
2026730 - ET TROJAN Shamoon V3 CnC Checkin (trojan.rules)
2026731 - ET WEB_SERVER ThinkPHP RCE Exploitation Attempt (web_server.rules)
2026732 - ET TROJAN Shamoon v3 32bit Propagating Internally via SMB (trojan.rules)
2026733 - ET TROJAN Shamoon v3 64bit Propagating Internally via SMB (trojan.rules)
2833919 - ETPRO TROJAN Kimsuky Chrome Extension CnC Beacon (trojan.rules)
2833920 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-14 1) (trojan.rules)
2833921 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-14 2) (trojan.rules)
2833922 - ETPRO POLICY Observed DNS Query to a *.warzonedns .com domain - Likely Hostile (policy.rules)
2833923 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-12-13 (current_events.rules)
2833924 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-12-13 (current_events.rules)
2833925 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-12-13 (current_events.rules)
2833926 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-12-13 (current_events.rules)
2833927 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2018-12-13 (current_events.rules)
2833928 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2018-12-13 (current_events.rules)
2833929 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2018-12-13 (current_events.rules)
2833930 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2018-12-13 (current_events.rules)
2833931 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-12-13 (current_events.rules)
2833932 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 1 (trojan.rules)
2833933 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 2 (trojan.rules)
2833934 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 3 (trojan.rules)
2833935 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 4 (trojan.rules)
2833936 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 5 (trojan.rules)

[///]     Modified active rules:     [///]

2821712 - ETPRO POLICY RealThinClient Session Init (policy.rules)
2827808 - ETPRO TROJAN Backdoor/MSM Stealer Checkin (trojan.rules)
2833566 - ETPRO CURRENT_EVENTS Possible Novidade EK Attempting Intranet Router Compromise M8 (Bruteforce) (current_events.rules)

Date: Friday, December 14, 2018 - 00:00