[***]            Summary:            [***]

4 new Open, 31 new Pro (4 + 27). Pascalcoin Miner, Various Phishing, Crimson CnC, Hashicorp RCE, Various Coinminers.

[+++]          Added rules:          [+++]

Open:

2026747 - ET INFO maas.io Image Download Flowbit Set (info.rules)
2026748 - ET CURRENT_EVENTS Apple Phishing Redirect 2019-01-02 (current_events.rules)
2026749 - ET CURRENT_EVENTS Suspicious Generic Login - Possible Successful Phish 2019-01-02 (current_events.rules)
2026750 - ET POLICY Random Hash Pascalcoin Miner Checkin (policy.rules)

Pro:

2834163 - ETPRO EXPLOIT Hashicorp Consul RCE Set Command Inbound (exploit.rules)
2834164 - ETPRO EXPLOIT Hashicorp Consul RCE Vuln Check Inbound (exploit.rules)
2834165 - ETPRO EXPLOIT Hashicorp Consul RCE via Services API (exploit.rules)
2834166 - ETPRO EXPLOIT DSL-2770L Credential Disclosure Attempt (exploit.rules)
2834167 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-02 1) (trojan.rules)
2834168 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-02 2) (trojan.rules)
2834169 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-02 3) (trojan.rules)
2834170 - ETPRO TROJAN MSIL/Crimson CnC Server Command (cscreen) (trojan.rules)
2834171 - ETPRO TROJAN Observed Malicious SSL Cert (BrushLoader CnC) (trojan.rules)
2834172 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-01-02) (current_events.rules)
2834173 - ETPRO CURRENT_EVENTS Successful Twitter Phish 2019-01-02 (current_events.rules)
2834174 - ETPRO CURRENT_EVENTS Successful 1&1 Phish 2019-01-02 (current_events.rules)
2834175 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-01-02 (current_events.rules)
2834176 - ETPRO CURRENT_EVENTS Successful Impots.Gouv.Fr Phish 2019-01-02 (current_events.rules)
2834177 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-01-02 (current_events.rules)
2834178 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-02 (current_events.rules)
2834179 - ETPRO CURRENT_EVENTS Successful Luno Phish 2019-01-02 (current_events.rules)
2834180 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-01-02 (current_events.rules)
2834181 - ETPRO CURRENT_EVENTS Possible Successful Generic HR Login Phish 2019-01-02 (current_events.rules)
2834182 - ETPRO CURRENT_EVENTS Possible Successful Generic Mailbox Update Phish 2019-01-02 (current_events.rules)
2834183 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-01-02 (current_events.rules)
2834184 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2019-01-02 (current_events.rules)
2834185 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-01-02 (current_events.rules)
2834186 - ETPRO TROJAN Win32/Tiggre!rfn CnC Initial Checkin (trojan.rules)
2834187 - ETPRO TROJAN Win32/Tiggre!rfn CnC Download Request (trojan.rules)
2834188 - ETPRO TROJAN Pascalcoin Miner Dropper CnC Initial Checkin (trojan.rules)
2834189 - ETPRO TROJAN Pascalcoin Miner Dropper CnC Report Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2008438 - ET TROJAN Possible Windows executable sent when remote host claims to send a Text File (trojan.rules)
2026720 - ET TROJAN Win32/DanaBot Harvesting Email Addresses 2 (trojan.rules)
2026721 - ET TROJAN Win32/DanaBot Harvesting Email Addresses 1 (trojan.rules)
2026727 - ET TROJAN Lucky Ransomware Reporting Successful File Encryption (trojan.rules)
2807406 - ETPRO USER_AGENTS Suspicious compatib1e UA Observed (user_agents.rules)
2833896 - ETPRO TROJAN MSIL/Mintluks.A Checkin (trojan.rules)
2833899 - ETPRO POLICY MadExcept Sending Bug Report (policy.rules)

Date: Tuesday, January 1, 2019 - 22:00