[***]            Summary:            [***]

4 new Open, 32 new Pro (4 Open + 28 Pro-only). Goliath, DarkHydrus, various phishing, coinminers.

Thanks: James Lay, PTsecurity

[+++]          Added rules:          [+++]

Open:

2026756 - ET TROJAN Ursa Loader CnC Checkin (trojan.rules)
2026757 - ET TROJAN Observed Malicious SSL Cert (SedUploader) (trojan.rules)
2026758 - ET INFO External Host Probing for ChromeCast Devices (info.rules)
2026759 - ET TROJAN TitanFox Loader CnC Checkin (trojan.rules)

Pro:

2834214 - ETPRO TROJAN SedUploader Domain Observed in DNS Lookup (trojan.rules)
2834215 - ETPRO TROJAN SedUploader Domain Observed in TLS SNI (trojan.rules)
2834216 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-04 1) (trojan.rules)
2834217 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-04 2) (trojan.rules)
2834218 - ETPRO TROJAN SSL/TLS Certificate Observed (DarkHydrus) (trojan.rules)
2834219 - ETPRO TROJAN DarkHydrus Domain in DNS Lookup (trojan.rules)
2834220 - ETPRO TROJAN DarkHydrus Domain in TLS SNI (trojan.rules)
2834221 - ETPRO TROJAN Trojan.MSIL.Albain Stealer Exfil (trojan.rules)
2834222 - ETPRO TROJAN Trojan.MSIL.Gupsip Checkin 1 (trojan.rules)
2834223 - ETPRO TROJAN Trojan.MSIL.Gupsip Checkin 2 (trojan.rules)
2834224 - ETPRO TROJAN BR.Banker Backdoor CnC Checkin (trojan.rules)
2834225 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-01-04 (current_events.rules)
2834226 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-04 (current_events.rules)
2834227 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-01-04 (current_events.rules)
2834228 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-01-04 (current_events.rules)
2834229 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2019-01-04 (current_events.rules)
2834230 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-01-04 (current_events.rules)
2834231 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-01-04 (current_events.rules)
2834232 - ETPRO CURRENT_EVENTS Successful Mailbox Phish 2019-01-04 (current_events.rules)
2834233 - ETPRO TROJAN ServHelper CnC Inital Checkin (trojan.rules)
2834234 - ETPRO TROJAN Goliath HTTP Bot CnC Checkin (trojan.rules)
2834235 - ETPRO TROJAN Goliath HTTP Bot CnC Confirm (trojan.rules)
2834236 - ETPRO TROJAN Goliath HTTP Bot CnC Key (trojan.rules)
2834237 - ETPRO TROJAN CoinMiner Loader PowerShell Script Inbound (trojan.rules)
2834238 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2834239 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC) (trojan.rules)
2834240 - ETPRO TROJAN JS Payload Containing PowerShell Downloader Inbound (trojan.rules)
2834241 - ETPRO TROJAN Win32/Spy.Keylogger.PSW Variant CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2821355 - ETPRO TROJAN Win32/N40 Banker Reporting Infection (trojan.rules)
2831589 - ETPRO TROJAN Cobalt Group Downloader (apstore .info in DNS Lookup) (trojan.rules)

[---]         Disabled rules:        [---]

2833863 - ETPRO TROJAN Ursa Loader CnC Checkin (trojan.rules)

Date: Thursday, January 3, 2019 - 22:00