[***]            Summary:            [***]

4 new Open, 41 new Pro (4 + 37). Shakblades, Nomadbanker, Teambot, Coinminers, Various Phishing.

Thanks: PTSecurity

[+++]          Added rules:          [+++]

Open:

2026851 - ET TROJAN TeamBot CnC Activity (trojan.rules)
2026852 - ET TROJAN [PTsecurity] Remcos RAT Checkin 85 (trojan.rules)
2026853 - ET TROJAN [PTsecurity] Remcos RAT Checkin 86 (trojan.rules)
2026854 - ET TROJAN [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response (trojan.rules)

Pro:

2834536 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.li Checkin (mobile_malware.rules)
2834537 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.li CnC Beacon (mobile_malware.rules)
2834538 - ETPRO TROJAN MSIL.Shakblades SMTP Exfil (trojan.rules)
2834539 - ETPRO TROJAN MSIL.ChadowTek.G RAT Checkin (trojan.rules)
2834540 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-24 1) (trojan.rules)
2834541 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-24 2) (trojan.rules)
2834542 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-24 3) (trojan.rules)
2834543 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-24 4) (trojan.rules)
2834544 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-24 5) (trojan.rules)
2834545 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-24 6) (trojan.rules)
2834546 - ETPRO TROJAN W32.NomadBanker.BR Checkin (trojan.rules)
2834547 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
2834548 - ETPRO TROJAN Observed Malicious SSL Cert (Unknown CnC) (trojan.rules)
2834549 - ETPRO CURRENT_EVENTS AutoIt EXE Download From DropBox (current_events.rules)
2834550 - ETPRO CURRENT_EVENTS Successful Capital One Phish 2019-01-24 (current_events.rules)
2834551 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-01-24 (current_events.rules)
2834552 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2019-01-24 (current_events.rules)
2834553 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-24 (current_events.rules)
2834554 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-24 (current_events.rules)
2834555 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-24 (current_events.rules)
2834556 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-01-24 (current_events.rules)
2834557 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2019-01-24 (current_events.rules)
2834558 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2019-01-24 (current_events.rules)
2834559 - ETPRO CURRENT_EVENTS Successful Moonton Phish 2019-01-24 (current_events.rules)
2834560 - ETPRO CURRENT_EVENTS Successful VK Phish 2019-01-24 (current_events.rules)
2834561 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-01-24 (current_events.rules)
2834562 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2019-01-24 (current_events.rules)
2834563 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-24 (current_events.rules)
2834564 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-01-24 (current_events.rules)
2834565 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-01-24 (current_events.rules)
2834566 - ETPRO TROJAN Throwback Beacon M3 (trojan.rules)
2834567 - ETPRO MALWARE Win32/Restoro PUP Checkin (malware.rules)
2834568 - ETPRO MALWARE Win32/GuaGua Adware Checkin (malware.rules)
2834569 - ETPRO TROJAN Win32/Spy.Agent.OLP CnC Checkin (trojan.rules)
2834570 - ETPRO TROJAN DNS Query for Known Malicious Host Observed Serving NetSupport RAT (trojan.rules)
2834571 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound Leading to EK (d8d93) (current_events.rules)
2834572 - ETPRO CURRENT_EVENTS Code Page 1251 Set Obfuscated Batch Script Inbound 2019-01-24 (current_events.rules)

Date: Wednesday, January 23, 2019 - 22:00