[***]            Summary:            [***]

8 new Open, 28 new Pro (8 + 20). Huadh/ServHelp/FlawedGrace, Blackworm, Various Phishing, Coinminers.

[+++]          Added rules:          [+++]

Open:

2026767 - ET TROJAN Observed Malicious SSL Cert (HuadhServHelper RAT CnC) (trojan.rules)
2026768 - ET TROJAN HuadhServHelper RAT CnC Domain Observed in SNI (trojan.rules)
2026769 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2026770 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2026771 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2026772 - ET TROJAN ServHelper CnC Inital Checkin (trojan.rules)
2026773 - ET TROJAN FlawedGrace CnC Activity (trojan.rules)
2026774 - ET INFO DNS Over TLS Request Outbound (info.rules)

Pro:

2834310 - ETPRO TROJAN MSIL.Blackworm RAT Checkin (trojan.rules)
2834311 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-10 1) (trojan.rules)
2834312 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-10 2) (trojan.rules)
2834313 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-10 3) (trojan.rules)
2834314 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-10 4) (trojan.rules)
2834315 - ETPRO TROJAN Unk.Backdoor CnC Checkin (trojan.rules)
2834316 - ETPRO TROJAN Observed Malicious SSL Cert (Caminho DL 2018-01-10) (trojan.rules)
2834317 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-10 (current_events.rules)
2834318 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-10 (current_events.rules)
2834319 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2019-01-10 (current_events.rules)
2834320 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-01-10 (current_events.rules)
2834321 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-10 (current_events.rules)
2834322 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-10 (current_events.rules)
2834323 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-01-10 (current_events.rules)
2834324 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-01-10 (current_events.rules)
2834325 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2019-01-10 (current_events.rules)
2834326 - ETPRO CURRENT_EVENTS Successful BB&T Phish 2019-01-10 (current_events.rules)
2834327 - ETPRO CURRENT_EVENTS Successful Rabobank Phish 2019-01-10 (current_events.rules)
2834328 - ETPRO CURRENT_EVENTS Successful Rabobank Phish 2019-01-10 (current_events.rules)
2834329 - ETPRO CURRENT_EVENTS Successful Made in China Phish 2019-01-10 (current_events.rules)

[///]     Modified active rules:     [///]

2007942 - ET USER_AGENTS Suspicious User Agent (_) (user_agents.rules)
2019312 - ET TROJAN Sourtoff Download Simda Request (trojan.rules)
2810276 - ETPRO TROJAN AZORult CnC Beacon M1 (trojan.rules)
2832759 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload 2018-09-24 (current_events.rules)

[---]         Removed rules:         [---]

2828489 - ETPRO TROJAN FlawedGrace CnC Activity (trojan.rules)
2833522 - ETPRO TROJAN Observed Malicious SSL Cert (HuadhServHelper RAT CnC) (trojan.rules)
2833552 - ETPRO TROJAN HuadhServHelper RAT CnC Domain Observed in SNI (trojan.rules)
2833881 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2833985 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2834074 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2834233 - ETPRO TROJAN ServHelper CnC Inital Checkin (trojan.rules)

Date: Wednesday, January 9, 2019 - 22:00