[***]            Summary:            [***]

6 new Open, 33 new Pro (6 + 27). PhpMyAdminBrute, Evil Keitaro, Various SSL certs, Various phishing.

[+++]          Added rules:          [+++]

2026799 - ET TROJAN Observed Awad Bot CnC Domain (hawad .000webhostapp .com in TLS SNI) (trojan.rules)
2026800 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM) (trojan.rules)
2026801 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM) (trojan.rules)
2026802 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM) (trojan.rules)
2026803 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM) (trojan.rules)
2026804 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM) (trojan.rules)
2834351 - ETPRO TROJAN Win32/Jilani Bot CnC Checkin (trojan.rules)
2834352 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-01-14 Domain (officeboxwork .blogspot .com in TLS SNI) (current_events.rules)
2834353 - ETPRO TROJAN Win32/Scarsi Variant CnC Activity (trojan.rules)
2834354 - ETPRO TROJAN Unknown Knopcode CnC Activity (trojan.rules)
2834355 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2019-01-14 (current_events.rules)
2834356 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-01-14 (current_events.rules)
2834357 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2019-01-14 (current_events.rules)
2834358 - ETPRO CURRENT_EVENTS Successful Whatsapp Group Phish 2019-01-14 (current_events.rules)
2834359 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-01-14 (current_events.rules)
2834360 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-01-14 (current_events.rules)
2834361 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-01-14 (current_events.rules)
2834362 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-01-14 (current_events.rules)
2834363 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-01-14 (current_events.rules)
2834364 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-01-14 (current_events.rules)
2834365 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-01-14 (current_events.rules)
2834366 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (da556) (current_events.rules)
2834367 - ETPRO TROJAN Win32/PhpMyAdminBrute CnC Checkin (trojan.rules)
2834368 - ETPRO TROJAN Win32/PhpMyAdminBrute Requesting Brute Force List (flowbit set) (trojan.rules)
2834369 - ETPRO TROJAN Win32/PhpMyAdminBrute Brute Force List Inbound (trojan.rules)
2834370 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834371 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834372 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834373 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834374 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834375 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834376 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834377 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2026616 - ET CURRENT_EVENTS Observed Malicious SSL Cert (ServHelper CnC) (current_events.rules)
2026767 - ET TROJAN Observed Malicious SSL Cert (ServHelper RAT CnC) (trojan.rules)
2026768 - ET TROJAN ServHelper RAT CnC Domain Observed in SNI (trojan.rules)
2832058 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (20b13) (current_events.rules)
2833553 - ETPRO TROJAN ServHelper RAT CnC Domain Observed in SNI (trojan.rules)
2834171 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2834223 - ETPRO TROJAN Trojan.MSIL.Gupsip Checkin 2 (trojan.rules)

Date: Sunday, January 13, 2019 - 22:00