[***]            Summary:            [***]

5 new Open, 29 new Pro (5 + 24). APT28, Bitter RAT, POWERTON, Various Phishing, Coinminers.

[+++]          Added rules:          [+++]

Open:

2026751 - ET TROJAN MSIL APT28 Zebrocy/Zekapab Reporting to CnC M2 (trojan.rules)
2026752 - ET TROJAN APT28/Sofacy Zebrocy Go Variant CnC Activity (trojan.rules)
2026753 - ET TROJAN APT28/Sofacy Zebrocy Go Variant Downloader Error POST (trojan.rules)
2026754 - ET TROJAN APT28/Sofacy Zebrocy Secondary Payload CnC Checkin (trojan.rules)
2026755 - ET TROJAN APT28/Sofacy Zebrocy Go Variant Checkin (trojan.rules)

Pro:

2834190 - ETPRO TROJAN SSL/TLS Certificate Observed (POWERTON) (trojan.rules)
2834191 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-03 1) (trojan.rules)
2834192 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-03 2) (trojan.rules)
2834193 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-03 3) (trojan.rules)
2834194 - ETPRO TROJAN Bitter RAT HTTP Dropper Activity (trojan.rules)
2834195 - ETPRO POLICY External IP Address Lookup via ifconfig .co (policy.rules)
2834196 - ETPRO POLICY External IP Address Lookup via api .ip138 .com (policy.rules)
2834197 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-01-03 (current_events.rules)
2834198 - ETPRO CURRENT_EVENTS Successful Paypal Bank Information Phish 2019-01-03 (current_events.rules)
2834199 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-03 (current_events.rules)
2834200 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-01-03 (current_events.rules)
2834201 - ETPRO CURRENT_EVENTS Successful Rabobank Phish 2019-01-03 (current_events.rules)
2834202 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2019-01-03 (current_events.rules)
2834203 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-01-03 (current_events.rules)
2834204 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-01-03 (current_events.rules)
2834205 - ETPRO CURRENT_EVENTS Successful Google Docs Phish 2019-01-03 (current_events.rules)
2834206 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-03 (current_events.rules)
2834207 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-03 (current_events.rules)
2834208 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-01-03 (current_events.rules)
2834209 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-01-03 (current_events.rules)
2834210 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-01-03 M1 (current_events.rules)
2834211 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-01-03 M2 (current_events.rules)
2834212 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-01-03 M3 (current_events.rules)
2834213 - ETPRO CURRENT_EVENTS Successful Cox Phish 2019-01-03 (current_events.rules)

[///]     Modified active rules:     [///]

2823700 - ETPRO CURRENT_EVENTS Successful Microsoft Phish Dec 07 2016 (current_events.rules)
2834152 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-12-31 (current_events.rules)
2834153 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-12-31 (current_events.rules)

[---]         Disabled rules:        [---]

2833130 - ETPRO CURRENT_EVENTS Successful Sharepoint Phish 2018-10-16 (current_events.rules)

Date: Thursday, January 3, 2019 - 00:00