[***]            Summary:            [***]

2 new Open, 36 new Pro (2 + 34). Cayosin Botnet, Remcos RAT, Various Android, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026876 - ET USER_AGENTS Cayosin Botnet User-Agent Observed (user_agents.rules)
2026877 - ET USER_AGENTS Cayosin Botnet User-Agent Observed (user_agents.rules)

Pro:

2834695 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.qw CnC Beacon (mobile_malware.rules)
2834696 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.gDIQW Checkin (mobile_malware.rules)
2834697 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.O CnC Beacon 2 (mobile_malware.rules)
2834698 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.ME CnC Beacon (mobile_malware.rules)
2834699 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 461 (mobile_malware.rules)
2834700 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.br Checkin (mobile_malware.rules)
2834701 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.dl Checkin (mobile_malware.rules)
2834702 - ETPRO MOBILE_MALWARE SMS-Flooder.AndroidOS.Agent.k CnC Beacon (mobile_malware.rules)
2834703 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Tekwon.a CnC Beacon (mobile_malware.rules)
2834704 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Updtbot.b CnC Beacon (mobile_malware.rules)
2834705 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-04 1) (trojan.rules)
2834706 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-04 2) (trojan.rules)
2834707 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-04 3) (trojan.rules)
2834708 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-04 4) (trojan.rules)
2834709 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-02-04) (current_events.rules)
2834710 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2019-02-04 (current_events.rules)
2834711 - ETPRO CURRENT_EVENTS Successful Proximus Skynet Webmail Phish 2019-02-04 (current_events.rules)
2834712 - ETPRO CURRENT_EVENTS Successful Credit Credit Card Information Phish 2019-02-04 (current_events.rules)
2834713 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-02-04 (current_events.rules)
2834714 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2019-02-04 (current_events.rules)
2834715 - ETPRO CURRENT_EVENTS Successful ABN AMRO Phish 2019-02-04 (current_events.rules)
2834716 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2019-02-04 (current_events.rules)
2834717 - ETPRO CURRENT_EVENTS PowerShell Inbound with Antivirus Enumeration and Downloading Capabilities (current_events.rules)
2834718 - ETPRO CURRENT_EVENTS Inbound Malicious PowerShell Observed in Fallout EK Campaigns (current_events.rules)
2834719 - ETPRO TROJAN SSL/TLS Certificate Observed (Unknown from Fallout EK) (trojan.rules)
2834720 - ETPRO TROJAN Win32/Remcos RAT Checkin 88 (trojan.rules)
2834721 - ETPRO TROJAN Win32/Remcos RAT Checkin 89 (trojan.rules)
2834722 - ETPRO TROJAN Win32/Remcos RAT Checkin 90 (trojan.rules)
2834723 - ETPRO TROJAN Win32/Remcos RAT Checkin 91 (trojan.rules)
2834724 - ETPRO TROJAN Possible Middle East APT DNS Lookup (trojan.rules)
2834725 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
2834726 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2834727 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2834728 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)

[///]     Modified active rules:     [///]

2024991 - ET TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)

Date: 
Sunday, February 3, 2019 - 22:00