[***]            Summary:            [***]

24 new Open, 46 new Pro (24 + 22). DarkHydrus, AZORult, BackConnect, Various Phishing, Coinminers.

[+++]          Added rules:          [+++]

Open:

2026775 - ET TROJAN APT DarkHydrus DNS Lookup 1 (trojan.rules)
2026776 - ET TROJAN APT DarkHydrus DNS Lookup 2 (trojan.rules)
2026777 - ET TROJAN APT DarkHydrus DNS Lookup 3 (trojan.rules)
2026778 - ET TROJAN APT DarkHydrus DNS Lookup 4 (trojan.rules)
2026779 - ET TROJAN APT DarkHydrus DNS Lookup 5 (trojan.rules)
2026780 - ET TROJAN APT DarkHydrus DNS Lookup 6 (trojan.rules)
2026781 - ET TROJAN APT DarkHydrus DNS Lookup 7 (trojan.rules)
2026782 - ET TROJAN APT DarkHydrus DNS Lookup 8 (trojan.rules)
2026783 - ET TROJAN APT DarkHydrus DNS Lookup 9 (trojan.rules)
2026784 - ET TROJAN APT DarkHydrus DNS Lookup 10 (trojan.rules)
2026785 - ET TROJAN APT DarkHydrus DNS Lookup 11 (trojan.rules)
2026786 - ET TROJAN APT DarkHydrus DNS Lookup 12 (trojan.rules)
2026787 - ET TROJAN APT DarkHydrus DNS Lookup 13 (trojan.rules)
2026788 - ET TROJAN APT DarkHydrus DNS Lookup 14 (trojan.rules)
2026789 - ET TROJAN APT DarkHydrus DNS Lookup 15 (trojan.rules)
2026790 - ET TROJAN APT DarkHydrus DNS Lookup 16 (trojan.rules)
2026791 - ET TROJAN APT DarkHydrus DNS Lookup 17 (trojan.rules)
2026792 - ET TROJAN APT DarkHydrus DNS Lookup 18 (trojan.rules)
2026793 - ET TROJAN APT DarkHydrus DNS Lookup 19 (trojan.rules)
2026794 - ET TROJAN APT DarkHydrus DNS Lookup 20 (trojan.rules)
2026795 - ET TROJAN APT DarkHydrus DNS Lookup 21 (trojan.rules)
2026796 - ET TROJAN APT DarkHydrus DNS Lookup 22 (trojan.rules)
2026797 - ET TROJAN APT DarkHydrus DNS Lookup 23 (trojan.rules)
2026798 - ET TROJAN APT DarkHydrus DNS Lookup 24 (trojan.rules)

Pro:

2833338 - ETPRO TROJAN VBS/Agent.Y UA Observed (Cactus/1.6) (trojan.rules)
2834330 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.FK Checkin (mobile_malware.rules)
2834331 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-11 1) (trojan.rules)
2834332 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-11 2) (trojan.rules)
2834333 - ETPRO TROJAN BackConnect RAT Checkin (trojan.rules)
2834334 - ETPRO TROJAN AZORult CnC Beacon M2 (trojan.rules)
2834335 - ETPRO TROJAN AZORult CnC Beacon M3 (trojan.rules)
2834336 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-01-11 (current_events.rules)
2834337 - ETPRO CURRENT_EVENTS Successful Bank of America Security Questions Phish 2019-01-11 (current_events.rules)
2834338 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-01-11 (current_events.rules)
2834339 - ETPRO CURRENT_EVENTS Successful Spotify Credit Card Information Phish 2019-01-11 (current_events.rules)
2834340 - ETPRO CURRENT_EVENTS Successful Bank Phish 2019-01-11 (current_events.rules)
2834341 - ETPRO CURRENT_EVENTS Successful Earthlink Credit Card Information Phish 2019-01-11 (current_events.rules)
2834342 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-01-11 (current_events.rules)
2834343 - ETPRO CURRENT_EVENTS Successful Google Account Change Password Phish 2019-01-11 (current_events.rules)
2834344 - ETPRO CURRENT_EVENTS Successful AlaskaUSA Credit Union Phish 2019-01-08 (current_events.rules)
2834345 - ETPRO CURRENT_EVENTS Successful Tesco Bank Credit Card Information Phish 2019-01-11 (current_events.rules)
2834346 - ETPRO CURRENT_EVENTS Successful Tesco Bank Phish 2019-01-11 (current_events.rules)
2834347 - ETPRO CURRENT_EVENTS Successful Impots Gouv Fr Credit Card Phish 2019-01-11 (current_events.rules)
2834348 - ETPRO CURRENT_EVENTS Successful Bluehost Phish 2019-01-11 (current_events.rules)
2834349 - ETPRO CURRENT_EVENTS Successful Beobank FR Phish 2019-01-11 (current_events.rules)
2834350 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-01-11 (current_events.rules)

[///]     Modified active rules:     [///]

2831237 - ETPRO TROJAN Netwire RAT Keep-Alive (Outbound) (trojan.rules)

[---]         Removed rules:         [---]

2833338 - ETPRO USER_AGENTS VBS/Agent.Y UA Observed (Cactus/1.6) (user_agents.rules)

Date: Thursday, January 10, 2019 - 22:00