[***]            Summary:            [***]

5 new Open, 24 new Pro (5 + 19). VNCold Backdoor, Win32/Remcos RAT, Various Phish.

[+++]          Added rules:          [+++]

Open:

2026894 - ET CURRENT_EVENTS Successful Generic .EDU.CO Phish (Legit Set) (current_events.rules)
2026895 - ET CURRENT_EVENTS Successful Generic .EDU.BR Phish (Legit Set) (current_events.rules)
2026896 - ET POLICY Known External IP Lookup Service Domain in SNI (policy.rules)
2026897 - ET POLICY IP Logger Redirect Domain in SNI (policy.rules)
2026898 - ET USER_AGENTS Suspicious User-Agent (SomeTimes) (user_agents.rules)

Pro:

2834817 - ETPRO TROJAN VNCold Backdoor CnC Checkin (trojan.rules)
2834818 - ETPRO POLICY Observed DNS Query to Known ScreenConnect/ConnectWise Remote Desktop Service Domain (policy.rules)
2834819 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2834820 - ETPRO CURRENT_EVENTS Successful SunTrust Bank Phish 2019-02-11 (current_events.rules)
2834821 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-02-11 (current_events.rules)
2834822 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2019-02-11 (current_events.rules)
2834823 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-02-11 (current_events.rules)
2834824 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-11 (current_events.rules)
2834825 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-11 (current_events.rules)
2834826 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-11 (current_events.rules)
2834827 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish 2019-02-11 (current_events.rules)
2834828 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-11 (current_events.rules)
2834829 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish 2019-02-11 (current_events.rules)
2834830 - ETPRO CURRENT_EVENTS Successful Indodax Exchange 2019-02-11 (current_events.rules)
2834831 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-02-11 (current_events.rules)
2834832 - ETPRO CURRENT_EVENTS Successful Personalized Generic Phish 2019-02-11 (current_events.rules)
2834833 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-02-11 (current_events.rules)
2834834 - ETPRO TROJAN Win32/Remcos RAT Checkin 93 (trojan.rules)
2834835 - ETPRO TROJAN Win32/Remcos RAT Checkin 94 (trojan.rules)

[///]     Modified active rules:     [///]

2008233 - ET TROJAN Common Downloader Install Report URL (farfly checkin) (trojan.rules)

Date: Sunday, February 10, 2019 - 22:00