[***] Summary: [***]
1 new Open, 21 new Pro (1 + 20). CVE-2018-20062, Astaroth, N40 MalDoc, Various SSL, Various Phishing.
[+++] Added rules: [+++]
Open:
2026892 - ET POLICY External IP Address Lookup via iplocation.com (policy.rules)
Pro:
2834774 - ETPRO TROJAN KPOT Stealer Variant CnC Activity (trojan.rules)
2834775 - ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt (CVE-2018-20062) M1 (exploit.rules)
2834776 - ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt (CVE-2018-20062) M2 (exploit.rules)
2834777 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2834778 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-02-07 Domain (amigosforever .net in TLS SNI) (current_events.rules)
2834779 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-02-07) (current_events.rules)
2834780 - ETPRO TROJAN N40 MalDoc Requesting Additional VBScript Payload (trojan.rules)
2834781 - ETPRO CURRENT_EVENTS Successful Devspam Phish 2019-02-07 (current_events.rules)
2834782 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2019-02-07 (current_events.rules)
2834783 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2019-02-07 (current_events.rules)
2834784 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2019-02-07 (current_events.rules)
2834785 - ETPRO CURRENT_EVENTS Successful Banco de la Nacion Phish 2019-02-07 (current_events.rules)
2834786 - ETPRO CURRENT_EVENTS Successful Sparkasse Credit Card Information Phish 2019-02-07 (current_events.rules)
2834787 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-02-07 (current_events.rules)
2834788 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-02-07 (current_events.rules)
2834789 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-02-07 (current_events.rules)
2834790 - ETPRO TROJAN Win32/Unk.Downloader Requesting Payload (trojan.rules)
2834791 - ETPRO TROJAN Astaroth Requesting Additional Payloads (trojan.rules)
2834792 - ETPRO TROJAN Inbound JScript with Heavy CharCode Concat and WMIC Usage (trojan.rules)
2834793 - ETPRO TROJAN Inbound JScript Executing Obfuscated Bitsadmin Job (trojan.rules)
[///] Modified active rules: [///]
2026876 - ET USER_AGENTS Cayosin Botnet User-Agent Observed M1 (user_agents.rules)
2026877 - ET USER_AGENTS Cayosin Botnet User-Agent Observed M2 (user_agents.rules)
2821122 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.Q Retrieving Payload (trojan.rules)