[***]            Summary:            [***]

3 new Open, 25 new Pro (3 + 22). CoreDn, Zepakab SSL, AridViper CnC, Various Phishing.

Thanks: Tiago Faria

[+++]          Added rules:          [+++]

Open:

2026864 - ET TROJAN Observed Malicious SSL Cert (Zepakab CnC) (trojan.rules)
2026865 - ET TROJAN CoreDn CnC Checkin M1 (trojan.rules)
2026866 - ET TROJAN CoreDn CnC Checkin M2 (trojan.rules)

Pro:

2834663 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Evil Keitaro) (current_events.rules)
2834664 - ETPRO CURRENT_EVENTS Observed Evil Keitaro Domain in DNS Lookup (current_events.rules)
2834665 - ETPRO CURRENT_EVENTS Observed Evil Keitaro Domain in TLS SNI (current_events.rules)
2834666 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-31 1) (trojan.rules)
2834667 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-31 2) (trojan.rules)
2834668 - ETPRO CURRENT_EVENTS DreamTeam TDS Redirect Activity (current_events.rules)
2834669 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-01-31 (current_events.rules)
2834670 - ETPRO CURRENT_EVENTS Successful Shaw Phish 2019-01-31 (current_events.rules)
2834671 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-01-31 (current_events.rules)
2834672 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-01-31 (current_events.rules)
2834673 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-01-31 (current_events.rules)
2834674 - ETPRO TROJAN AridViper CnC Checkin (trojan.rules)
2834675 - ETPRO TROJAN AridViper Screenshot Upload (trojan.rules)
2834676 - ETPRO TROJAN AridViper CnC Activity (trojan.rules)
2834677 - ETPRO CURRENT_EVENTS Successful Optus Phish 2019-01-31 (current_events.rules)
2834678 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-01-31 (current_events.rules)
2834679 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-01-31 (current_events.rules)
2834680 - ETPRO CURRENT_EVENTS Successful Zoominfo Phish 2019-01-31 (current_events.rules)
2834681 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
2834682 - ETPRO TROJAN Observed Malicious SSL Cert (Upatre CnC) (trojan.rules)
2834683 - ETPRO TROJAN Danabot CnC Checkin (flowbit set) (trojan.rules)
2834684 - ETPRO TROJAN Danabot Successful CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2012252 - ET SHELLCODE Common 0a0a0a0a Heap Spray String (shellcode.rules)
2826555 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hs Reporting via SMTP (mobile_malware.rules)
2834526 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-01-23 (current_events.rules)

Date: Wednesday, January 30, 2019 - 22:00