[***]            Summary:            [***]

3 new Open, 29 new Pro (3 + 26). NanoCore RAT, Async RAT, Various phishing.

Thanks: James Lay, Fernando Delgado

[+++]          Added rules:          [+++]

Open:

2026823 - ET TROJAN OSX/LamePyre Screenshot Upload (trojan.rules)
2026824 - ET TROJAN AtomLogger Exfil via FTP (trojan.rules)
2026825 - ET TROJAN Atom Logger exfil via SMTP (trojan.rules)

Pro:

2834430 - ETPRO MOBILE_MALWARE Android/Autoins.C Device Info Exfil (mobile_malware.rules)
2834431 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Agent.ct / Zen CnC Beacon (mobile_malware.rules)
2834432 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Agent.ct / Zen CnC Beacon 2 (mobile_malware.rules)
2834433 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Agent.ct / Zen CnC Beacon 3 (mobile_malware.rules)
2834434 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Agent.ct / Zen CnC Beacon 4 (mobile_malware.rules)
2834435 - ETPRO CURRENT_EVENTS Credential Phishing DNS Lookup Jan 17 2019 (current_events.rules)
2834436 - ETPRO INFO Cloudflare DNS Over TLS Certificate Inbound (info.rules)
2834437 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-17 1) (trojan.rules)
2834438 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-17 2) (trojan.rules)
2834439 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-17 3) (trojan.rules)
2834440 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-17 4) (trojan.rules)
2834441 - ETPRO TROJAN NanoCore RAT CnC 26 (trojan.rules)
2834442 - ETPRO POLICY External IP Address Lookup via api .sypexgeo .net (policy.rules)
2834443 - ETPRO USER_AGENTS Suspicious User-Agent (WinInet Test) (user_agents.rules)
2834444 - ETPRO TROJAN Throwback Beacon M1 (trojan.rules)
2834445 - ETPRO TROJAN Throwback Beacon M2 (trojan.rules)
2834446 - ETPRO TROJAN TrueBot/Silence.Downloader CnC Checkin 3 (trojan.rules)
2834447 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-01-17 (current_events.rules)
2834448 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-01-17 (current_events.rules)
2834449 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2019-01-17 (current_events.rules)
2834450 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-01-17 (current_events.rules)
2834451 - ETPRO CURRENT_EVENTS Successful TV Licensing Phish 2019-01-17 (current_events.rules)
2834452 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-17 (current_events.rules)
2834453 - ETPRO CURRENT_EVENTS Successful Metro Bank Phish 2019-01-17 (current_events.rules)
2834454 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-01-17 (current_events.rules)
2834455 - ETPRO TROJAN Async RAT v1.8 CnC Keep-Alive (trojan.rules)

[///]     Modified active rules:     [///]

2012647 - ET POLICY Dropbox.com Offsite File Backup in Use (policy.rules)
2026739 - ET WEB_SPECIFIC_APPS Kibana Attempted LFI Exploitation (CVE-2018-17246) (web_specific_apps.rules)
2830701 - ETPRO TROJAN W32/Emotet CnC Checkin (trojan.rules)

Date: Wednesday, January 16, 2019 - 22:00