[***]            Summary:            [***]

21 new Open, 45 new Pro (21 + 24). Nambit RAT, Anubis.d, Coinminers, Various Phishing

Thanks: Nathan Fowler, Duane Howard

[+++]          Added rules:          [+++]

Open:

2026828 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (areadozemode .space in DNS Lookup) (mobile_malware.rules)
2026829 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (selectnew25mode .space in DNS Lookup) (mobile_malware.rules)
2026830 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (twethujsnu .cc in DNS Lookup) (mobile_malware.rules)
2026831 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (project2anub .xyz in DNS Lookup) (mobile_malware.rules)
2026832 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (taiprotectsq .xyz in DNS Lookup) (mobile_malware.rules)
2026833 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (uwannaplaygame .space in DNS Lookup) (mobile_malware.rules)
2026834 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (projectpredator .space in DNS Lookup) (mobile_malware.rules)
2026835 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (nihaobrazzzahit .top in DNS Lookup) (mobile_malware.rules)
2026836 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (aserogeege .space in DNS Lookup) (mobile_malware.rules)
2026837 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (hdfuckedin18 .top in DNS Lookup) (mobile_malware.rules)
2026838 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (dingpsounda .space in DNS Lookup) (mobile_malware.rules)
2026839 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (wantddantiprot .space in DNS Lookup) (mobile_malware.rules)
2026840 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (privateanbshouse .space in DNS Lookup) (mobile_malware.rules)
2026841 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (seconddoxed .space in DNS Lookup) (mobile_malware.rules)
2026842 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (firstdoxed .space in DNS Lookup) (mobile_malware.rules)
2026843 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (oauth3 .html5100 .com in DNS Lookup) (mobile_malware.rules)
2026844 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (dosandiq .space in DNS Lookup) (mobile_malware.rules)
2026845 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (protect4juls .space in DNS Lookup) (mobile_malware.rules)
2026846 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (wijariief .space in DNS Lookup) (mobile_malware.rules)
2026847 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (scradm .in in DNS Lookup) (mobile_malware.rules)
2026848 - ET CURRENT_EVENTS Python Eval Compile seen in HTTP Request Headers (current_events.rules)
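
The Anubis.d entries above carry their indicators inline, defanged with a space before each TLD ("areadozemode .space", and "oauth3 .html5100 .com" with two). The script below is an added example, not part of this changelog and not the content of the ET rules themselves: it parses the "in DNS Lookup" lines into a refanged watchlist keyed by SID and checks DNS query names from Suricata EVE JSON against it, so the update can be used for a retrospective hunt in logs that predate the rule load. It assumes that a subdomain of a listed domain should count as a hit (the ET rules' own matching semantics are not stated on this page), and the EVE lines are constructed for the demonstration.

```python
import json
import re

# Constructed input: a few rule titles copied from this update, one of which is
# not a DNS-lookup rule and must be ignored by the parser.
RULE_LINES = """\
2026828 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (areadozemode .space in DNS Lookup) (mobile_malware.rules)
2026843 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (oauth3 .html5100 .com in DNS Lookup) (mobile_malware.rules)
2026847 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (scradm .in in DNS Lookup) (mobile_malware.rules)
2026848 - ET CURRENT_EVENTS Python Eval Compile seen in HTTP Request Headers (current_events.rules)
"""

# Constructed Suricata EVE JSON: two Anubis.d lookups (one via a subdomain),
# one benign lookup and one non-DNS event.
SAMPLE_EVE = """\
{"timestamp":"2019-01-22T09:14:03.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dns":{"type":"query","rrname":"areadozemode.space","rrtype":"A"}}
{"timestamp":"2019-01-22T09:14:05.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dns":{"type":"query","rrname":"www.example.com","rrtype":"A"}}
{"timestamp":"2019-01-22T09:15:11.000000+0000","event_type":"dns","src_ip":"10.0.0.9","dns":{"type":"query","rrname":"api.oauth3.html5100.com","rrtype":"A"}}
{"timestamp":"2019-01-22T09:15:12.000000+0000","event_type":"alert","src_ip":"10.0.0.9"}
"""

# "<sid> - ... (<defanged domain> in DNS Lookup)"; the lazy ".*?" stops at the
# first "(" that is followed by the " in DNS Lookup)" marker.
DNS_RULE_RE = re.compile(r"^(\d+) - .*?\((.+?) in DNS Lookup\)")


def refang(indicator: str) -> str:
    """Turn the changelog's 'host .tld' form back into a normal lowercase FQDN."""
    return indicator.replace(" .", ".").strip().lower().rstrip(".")


def parse_watchlist(text: str) -> dict:
    """Map each refanged domain to the SID of the rule that names it."""
    watch = {}
    for line in text.splitlines():
        m = DNS_RULE_RE.match(line)
        if m:
            watch[refang(m.group(2))] = int(m.group(1))
    return watch


def match_query(qname: str, watch: dict):
    """Return the SID if qname equals, or is a subdomain of, a watchlisted domain.

    Subdomain matching is an assumption of this example; it walks from the full
    name towards the root but never tests a bare TLD, so "space" alone cannot hit.
    """
    labels = qname.strip().lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in watch:
            return watch[candidate]
    return None


def hunt(eve_text: str, watch: dict) -> list:
    """Yield (src_ip, rrname, sid) for every EVE dns event whose query matches."""
    hits = []
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "dns":
            continue
        rrname = ev.get("dns", {}).get("rrname", "")
        sid = match_query(rrname, watch)
        if sid is not None:
            hits.append((ev["src_ip"], rrname, sid))
    return hits


if __name__ == "__main__":
    watchlist = parse_watchlist(RULE_LINES)
    for src_ip, rrname, sid in hunt(SAMPLE_EVE, watchlist):
        print(f"{src_ip} queried {rrname} (ET SID {sid})")
```

Feed the full "Open:" block of this update into parse_watchlist and point hunt at a day of eve.json to find hosts that resolved these names before the rules were deployed; a hit on a subdomain is worth a second look rather than an automatic verdict, since the rules' exact match semantics are not reproduced here.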

Pro:

2834486 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d Checkin (mobile_malware.rules)
2834487 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-22 1) (trojan.rules)
2834488 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-22 2) (trojan.rules)
2834489 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-22 3) (trojan.rules)
2834490 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-22 4) (trojan.rules)
2834491 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-22 5) (trojan.rules)
2834492 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-22 6) (trojan.rules)
2834493 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2834494 - ETPRO CURRENT_EVENTS Successful 126 Phish 2019-01-22 (current_events.rules)
2834495 - ETPRO CURRENT_EVENTS Successful Telekom Phish 2019-01-22 (current_events.rules)
2834496 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-01-22 (current_events.rules)
2834497 - ETPRO CURRENT_EVENTS Successful Eir Phish 2019-01-22 (current_events.rules)
2834498 - ETPRO CURRENT_EVENTS Successful British Gas Phish 2019-01-22 (current_events.rules)
2834499 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-01-22 (current_events.rules)
2834500 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-01-22 (current_events.rules)
2834501 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-01-22 (current_events.rules)
2834502 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-22 (current_events.rules)
2834503 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-22 (current_events.rules)
2834504 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-22 (current_events.rules)
2834505 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-22 (current_events.rules)
2834506 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2019-01-22 (current_events.rules)
2834507 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-01-22 (current_events.rules)
2834508 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-01-22 (current_events.rules)
2834509 - ETPRO TROJAN Win32/Nambit RAT CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2026552 - ET WEB_SERVER jQuery File Upload Attempt (web_server.rules)
2026826 - ET TROJAN [PTsecurity] Bitter RAT C2 Response (trojan.rules)

Date: 
Monday, January 21, 2019 - 22:00