[***] Summary: [***]
2 new Open, 35 new Pro (2 + 33). MSIL.Orion, Lelena, Ursnif, Various CoinMiners.
Happy Holidays from the Emerging Threats team!
[+++] Added rules: [+++]
Open:
2026741 - ET TROJAN MSIL.Orion Stealer Exfil via FTP (trojan.rules)
2026742 - ET POLICY Observed DNS Query to Free Hosting Domain (.free .bg) (policy.rules)
Pro:
2834052 - ETPRO MOBILE_MALWARE Android.SmsSpy.A8296 Reporting Infection via SMTP (mobile_malware.rules)
2834053 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.BJ Contact Exfil via SMTP (mobile_malware.rules)
2834054 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 1) (trojan.rules)
2834055 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 2) (trojan.rules)
2834056 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 3) (trojan.rules)
2834057 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 4) (trojan.rules)
2834058 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 5) (trojan.rules)
2834059 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 6) (trojan.rules)
2834060 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 7) (trojan.rules)
2834061 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 8) (trojan.rules)
2834062 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 9) (trojan.rules)
2834063 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 10) (trojan.rules)
2834064 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 11) (trojan.rules)
2834065 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 12) (trojan.rules)
2834066 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 13) (trojan.rules)
2834067 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 14) (trojan.rules)
2834068 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 15) (trojan.rules)
2834069 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-12-21) (trojan.rules)
2834070 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2834071 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2834072 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2834073 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2834074 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2834075 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834076 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834077 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834078 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834079 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834080 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834081 - ETPRO TROJAN Lelena CnC Program Files Listing (trojan.rules)
2834082 - ETPRO TROJAN Lelena CnC Host Info Beacon (trojan.rules)
2834083 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC) (trojan.rules)
2834084 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
[///] Modified active rules: [///]
2831664 - ETPRO CURRENT_EVENTS Successful Bank of America M2 Phish 2018-07-10 (current_events.rules)