[***] Summary: [***]
6 new Open, 18 new Pro (6 + 12). Suspicious Nameservers, Mendigos Stealer, Various SSL Certs, Various Phish.
[+++] Added rules: [+++]
Open:
2026902 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (current_events.rules)
2026903 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (current_events.rules)
2026904 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (current_events.rules)
2026905 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (current_events.rules)
2026906 - ET TROJAN Possible Astaroth User-Agent Observed (trojan.rules)
2026907 - ET MOBILE_MALWARE Android/Xnore Fake Facebook Login Credentials Collected (mobile_malware.rules)
Pro:
2834868 - ETPRO TROJAN MSIL.Mendigos Stealer (trojan.rules)
2834869 - ETPRO MALWARE Win32/Zpevdo.B PUP/PUA Reporting System Info (malware.rules)
2834870 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects) (trojan.rules)
2834871 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-02-13) (current_events.rules)
2834872 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-02-13 Domain (customsservices .xyz in TLS SNI) (current_events.rules)
2834873 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-02-13 (current_events.rules)
2834874 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-02-13 (current_events.rules)
2834875 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-02-13 (current_events.rules)
2834876 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2019-02-13 (current_events.rules)
2834877 - ETPRO INFO Suspicious Registrar Nameservers in DNS Response (internet .bs) (info.rules)
2834878 - ETPRO INFO Suspicious Registrar Nameservers in DNS Response (internet .bs) (info.rules)
2834879 - ETPRO INFO Suspicious Registrar Nameservers in DNS Response (internet .bs) (info.rules)
[///] Modified active rules: [///]
2834793 - ETPRO CURRENT_EVENTS Inbound JScript Executing Obfuscated Bitsadmin Job (current_events.rules)
2834849 - ETPRO TROJAN El Profiler CnC Checkin (trojan.rules)
2026901 - ET TROJAN Win32/Remcos RAT Checkin 84 (trojan.rules)