[***] Summary: [***]
6 new Open, 26 new Pro (6 + 20). W32.Psyri, Remcos RAT, MSIL/Liatpf, Various Android, Various Phishing.
[+++] Added rules: [+++]
Open:
2026886 - ET CURRENT_EVENTS Possible Successful Generic Phish to .icu Domain 2019-02-06 (current_events.rules)
2026887 - ET INFO HTTP POST Request to Suspicious *.icu domain (info.rules)
2026888 - ET INFO DNS Query for Suspicious .icu Domain (info.rules)
2026889 - ET INFO Suspicious Domain (*.icu) in TLS SNI (info.rules)
2026890 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.icu) (info.rules)
2026891 - ET INFO Possible EXE Download From Suspicious TLD (.icu) - set (info.rules)
Pro:
2834754 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.JiFake.a CnC Beacon (mobile_malware.rules)
2834755 - ETPRO MOBILE_MALWARE Android.Rootnik.AE CnC Beacon (mobile_malware.rules)
2834756 - ETPRO MOBILE_MALWARE Android.Trojan.Neucore.gTVQN Checkin (mobile_malware.rules)
2834757 - ETPRO TROJAN Remexi Related CnC Beacon 2 (trojan.rules)
2834758 - ETPRO TROJAN W32.Psyri Checkin (trojan.rules)
2834759 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-06 1) (trojan.rules)
2834760 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-06 2) (trojan.rules)
2834761 - ETPRO ATTACK_RESPONSE mimikatz Output in HTTP POST (attack_response.rules)
2834762 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike Beacon) (trojan.rules)
2834763 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-02-06) (current_events.rules)
2834764 - ETPRO TROJAN Win32/Remcos RAT Checkin 92 (trojan.rules)
2834765 - ETPRO USER_AGENTS Suspicious User-Agent (MY_DICK) (user_agents.rules)
2834766 - ETPRO TROJAN MSIL/Liatpf RAT Checkin (trojan.rules)
2834767 - ETPRO CURRENT_EVENTS Successful Sony Entertainment Network Account Phish 2019-02-06 (current_events.rules)
2834768 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-02-06 (current_events.rules)
2834769 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-02-06 (current_events.rules)
2834770 - ETPRO CURRENT_EVENTS Successful Tesco Bank Phish 2019-02-06 (current_events.rules)
2834771 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-02-06 (current_events.rules)
2834772 - ETPRO CURRENT_EVENTS Successful Apple Credit Card Information Phish 2019-02-06 (current_events.rules)
2834773 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-02-06 (current_events.rules)
[///] Modified active rules: [///]
2828814 - ETPRO TROJAN VNCStartServer Variant CnC Beacon (trojan.rules)
2834748 - ETPRO CURRENT_EVENTS Successful Banco Inter Phish 2019-02-05 (current_events.rules)