[***]            Summary:            [***]

15 new Open, 54 new Pro (15 + 39). BrushaLoader, STOLENPENCIL, Coinminers, Various Phish

[+++]          Added rules:          [+++]

Open:

2026966 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026967 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026968 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026969 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026970 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026971 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026972 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026973 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026974 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026975 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026976 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026977 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026978 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026979 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026980 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)

Pro:

2834980 - ETPRO MOBILE_MALWARE Android/Hiddad.HI SMS/Contact Exfil via SMTP (mobile_malware.rules)
2834981 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.LockScreen Reporting Infection via SMTP (mobile_malware.rules)
2834982 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2834983 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2834984 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2834985 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2834986 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2834987 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2834988 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2834989 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2834990 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2834991 - ETPRO TROJAN Win32.PWSYunsip Stealer (trojan.rules)
2834992 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-22 01) (trojan.rules)
2834993 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-22 02) (trojan.rules)
2834994 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-22 03) (trojan.rules)
2834995 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-22 04) (trojan.rules)
2834996 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-22 05) (trojan.rules)
2834997 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-22 06) (trojan.rules)
2834998 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-22 07) (trojan.rules)
2834999 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-22 08) (trojan.rules)
2835000 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-22 09) (trojan.rules)
2835001 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-21 10) (trojan.rules)
2835002 - ETPRO MALWARE Ticno Downloader/Adware Connectivity Check (malware.rules)
2835003 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2835004 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2835005 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2835006 - ETPRO CURRENT_EVENTS Possible STOLENPENCIL Credential Phishing DNS Lookup Feb 22 2019 (current_events.rules)
2835008 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-02-22 (current_events.rules)
2835009 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-02-22 (current_events.rules)
2835010 - ETPRO CURRENT_EVENTS Successful Discover Phish 2019-02-22 (current_events.rules)
2835011 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-02-22 (current_events.rules)
2835012 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-02-22 (current_events.rules)
2835013 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-02-22 (current_events.rules)
2835014 - ETPRO CURRENT_EVENTS Successful M&T Phish 2019-02-22 (current_events.rules)
2835015 - ETPRO CURRENT_EVENTS Successful M&T Phish 2019-02-22 (current_events.rules)
2835016 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-02-22 (current_events.rules)
2835017 - ETPRO TROJAN GoodBoy Python Backdoor - Initial Checkin (trojan.rules)
2835018 - ETPRO CURRENT_EVENTS Obfuscated PowerShell Downloader Inbound (current_events.rules)
2835019 - ETPRO INFO Suspicious SSL/TLS Certificate Observed (DarkMatter Signed) (info.rules)

Date: Thursday, February 21, 2019 - 22:00