[***]            Summary:            [***]

3 new Open, 27 new Pro (3 + 24). APT 28, NRSMiner, Various Phishing, Coinminers.

Thanks: James Lay

[+++]          Added rules:          [+++]

Open:

2026760 - ET TROJAN JS/Unk Downloader 0 Byte POST CnC Checkin (trojan.rules)
2026761 - ET POLICY External IP Address Lookup via vtransmit .com (policy.rules)
2026762 - ET TROJAN APT28 Zebrocy/Zekapab Reporting to CnC M3 (trojan.rules)

Pro:

2834242 - ETPRO MOBILE_MALWARE Android.Trojan.FakeApp.EV Checkin (mobile_malware.rules)
2834243 - ETPRO MOBILE_MALWARE Android.Riskware.MobilePay.AU CnC Beacon (mobile_malware.rules)
2834244 - ETPRO MOBILE_MALWARE Trojan.Android.Apptrack.flinok CnC Beacon (mobile_malware.rules)
2834245 - ETPRO TROJAN MSIL.Goliath Stealer Checkin (trojan.rules)
2834246 - ETPRO TROJAN W64.NRSMiner Checkin 1 (trojan.rules)
2834247 - ETPRO TROJAN W64.NRSMiner Checkin 2 (trojan.rules)
2834248 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-07 1) (trojan.rules)
2834249 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-07 2) (trojan.rules)
2834250 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-07 3) (trojan.rules)
2834251 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-07 4) (trojan.rules)
2834252 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-07 5) (trojan.rules)
2834253 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-07 6) (trojan.rules)
2834254 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-07 7) (trojan.rules)
2834255 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2834256 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-01-07) (current_events.rules)
2834257 - ETPRO CURRENT_EVENTS Successful ABN AMRO Phish 2019-01-07 (current_events.rules)
2834258 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-01-07 (current_events.rules)
2834259 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-01-07 (current_events.rules)
2834260 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-01-07 (current_events.rules)
2834261 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-01-07 (current_events.rules)
2834262 - ETPRO CURRENT_EVENTS Successful ShipMoney Phish 2019-01-07 (current_events.rules)
2834263 - ETPRO CURRENT_EVENTS Successful Rackspace Webmail Phish 2019-01-07 (current_events.rules)
2834264 - ETPRO CURRENT_EVENTS Successful Whatsapp Phish 2019-01-07 (current_events.rules)
2834265 - ETPRO TROJAN Win32/Remcos RAT Checkin 83 (trojan.rules)

[///]     Modified active rules:     [///]

2012087 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)
2012090 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
2012091 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)
2012092 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
2012093 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)

[///]    Modified inactive rules:    [///]

2012088 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
2012089 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)

Date: Sunday, January 6, 2019 - 22:00