[***]            Summary:            [***]

2 new Open, 34 new Pro (2 + 32). Seafko CnC, Powerstats, Pterodo, Various Phish.

[+++]          Added rules:          [+++]

Open:

2026899 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2026900 - ET TROJAN BrushaLoader CnC Domain in SNI (trojan.rules)

Pro:

2834836 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.vf Checkin (mobile_malware.rules)
2834837 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.VYPK-3 Reporting Infection via SMTP (mobile_malware.rules)
2834838 - ETPRO TROJAN KORKERDS Miner C2 (trojan.rules)
2834839 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-12 1) (trojan.rules)
2834840 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-12 2) (trojan.rules)
2834841 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-12 3) (trojan.rules)
2834842 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-12 4) (trojan.rules)
2834843 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-12 4) (trojan.rules)
2834844 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-12 5) (trojan.rules)
2834845 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-12 6) (trojan.rules)
2834846 - ETPRO TROJAN Win32/Pterodo.NQ CnC Checkin (trojan.rules)
2834847 - ETPRO USER_AGENTS Win32/Pterodo.NQ UA Observed (user_agents.rules)
2834848 - ETPRO TROJAN Azvaz Backdoor CnC Checkin (trojan.rules)
2834849 - ETPRO TROJAN Unk.MalDoc Payload CnC Checkin (trojan.rules)
2834850 - ETPRO TROJAN Seafko CnC Initial Checkin (trojan.rules)
2834851 - ETPRO TROJAN Seafko CnC Update IRC Status (trojan.rules)
2834852 - ETPRO TROJAN Seafko CnC Update IRC Server (trojan.rules)
2834853 - ETPRO TROJAN Seafko CnC Screenshot (trojan.rules)
2834854 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity (done) (trojan.rules)
2834855 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity (trojan.rules)
2834856 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-02-12 (current_events.rules)
2834857 - ETPRO CURRENT_EVENTS Successful Luno Phish 2019-02-12 (current_events.rules)
2834858 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-02-12 (current_events.rules)
2834859 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-02-12 (current_events.rules)
2834860 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-02-12 (current_events.rules)
2834861 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-02-12 (current_events.rules)
2834862 - ETPRO CURRENT_EVENTS Successful Westpac Phish 2019-02-12 (current_events.rules)
2834863 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2019-02-12 (current_events.rules)
2834864 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-02-12 (current_events.rules)
2834865 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-02-12 (current_events.rules)
2834866 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-02-12 (current_events.rules)
2834867 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2019-02-12 (current_events.rules)

[///]     Modified active rules:     [///]

2001891 - ET USER_AGENTS Suspicious User Agent (agent) (user_agents.rules)
2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2831998 - ETPRO TROJAN Possible Jenxcus Variant Exfiltrating via User-Agent (trojan.rules)
2833524 - ETPRO WEB_CLIENT CVE-2018-8174 VBScript - Common Value (web_client.rules)

Date: Monday, February 11, 2019 - 22:00