[***]            Summary:            [***]

1 new Open, 21 new Pro (1 + 20). Silent Downloader, Ursnif, HalfStealer, Various Phish.

[+++]          Added rules:          [+++]

Open:

2026737 - ET TROJAN Observed GandCrab Domain (gandcrab .bit) (trojan.rules)

Pro:

2833966 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 454 (mobile_malware.rules)
2833967 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 455 (mobile_malware.rules)
2833968 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 456 (mobile_malware.rules)
2833969 - ETPRO TROJAN Silent Downloader CnC Initial Request (trojan.rules)
2833970 - ETPRO TROJAN Silent Downloader CnC Checkin (trojan.rules)
2833971 - ETPRO TROJAN HalfStealer CnC Checkin (trojan.rules)
2833972 - ETPRO TROJAN Abadon Backdoor CnC Checkin (trojan.rules)
2833973 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-12-18 Domain (www .beautymakeup .ca in TLS SNI) (current_events.rules)
2833974 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-12-18 2) (current_events.rules)
2833975 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2833976 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Payload DL) (trojan.rules)
2833977 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2833978 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-12-18 (current_events.rules)
2833979 - ETPRO CURRENT_EVENTS Successful Santander Phish 2018-12-18 (current_events.rules)
2833980 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2018-12-18 (current_events.rules)
2833981 - ETPRO CURRENT_EVENTS Successful Cembra Phish 2018-12-18 (current_events.rules)
2833982 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC) (trojan.rules)
2833983 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC) (trojan.rules)
2833984 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC) (trojan.rules)
2833985 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2026576 - ET TROJAN APT33/CharmingKitten Shellcode Communicating with CnC (trojan.rules)

[---]  Disabled and modified rules:  [---]

2810851 - ETPRO TROJAN Win32/TrojanDownloader.Banload.VOG Retrieving compressed PE set (trojan.rules)
2810852 - ETPRO TROJAN Win32/TrojanDownloader.Banload.VOG Receiving compressed PE (trojan.rules)
2811225 - ETPRO TROJAN Win32/TrojanDownloader.Banload.VOG Retrieving compressed PE set (ZIP) (trojan.rules)
2814000 - ETPRO TROJAN Win32/TrojanDownloader.Banload Retrieving compressed PE set (ZIP) (trojan.rules)

Date: Tuesday, December 18, 2018 - 00:00