[***]            Summary:            [***]

4 new Open, 26 new Pro (4 + 22). PS/Gupsip Variant, Win32.Kolab.a, Various SSL certs, Various phishing.

Thanks: @malwrhunterteam

[+++]          Added rules:          [+++]

Open:

2026819 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC) (trojan.rules)
2026820 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC) (trojan.rules)
2026821 - ET TROJAN MageCart CnC Domain in SNI (trojan.rules)
2026822 - ET TROJAN MageCart CnC Domain in SNI (trojan.rules)

Pro:

2834408 - ETPRO TROJAN Win32.Kolab.a Checkin (trojan.rules)
2834409 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-16 1) (trojan.rules)
2834410 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-16 2) (trojan.rules)
2834411 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound Leading to EK (fac27) (current_events.rules)
2834412 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound Leading to EK (9d5e3) (current_events.rules)
2834413 - ETPRO CURRENT_EVENTS Fallout EK Activity 2019-01-16 (current_events.rules)
2834414 - ETPRO CURRENT_EVENTS Successful Bancolumbia Phish 2019-01-16 (current_events.rules)
2834415 - ETPRO CURRENT_EVENTS Successful 163 Phish 2019-01-16 (current_events.rules)
2834416 - ETPRO CURRENT_EVENTS Successful ASB Phish 2019-01-16 (current_events.rules)
2834417 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-01-16 (current_events.rules)
2834418 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-01-16 (current_events.rules)
2834419 - ETPRO CURRENT_EVENTS Successful Global Sources Phish 2019-01-16 (current_events.rules)
2834420 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-16 (current_events.rules)
2834421 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-16 (current_events.rules)
2834422 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-01-16 (current_events.rules)
2834423 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-01-16 (current_events.rules)
2834424 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-01-16 (current_events.rules)
2834425 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-16 (current_events.rules)
2834426 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
2834427 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC) (trojan.rules)
2834428 - ETPRO TROJAN Gozi Worker CnC Domain in SNI (trojan.rules)
2834429 - ETPRO TROJAN PS/Gupsip Variant CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2023424 - ET TROJAN SA Banker Checkin (trojan.rules)
2826980 - ETPRO TROJAN MSIL/Agent.SNQ POST with System Info (trojan.rules)
2834354 - ETPRO TROJAN Knopcode CnC Activity (trojan.rules)

Date: 
Tuesday, January 15, 2019 - 22:00