[***]            Summary:            [***]

36 new Open, 48 new Pro (36 + 12). Powershell Stagers, MageCart, CrazyCrypt, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026988 - ET INFO PowerShell NoProfile Command Received In Powershell Stagers (info.rules)
2026989 - ET INFO PowerShell Hidden Window Command Common In Powershell Stagers M1 (info.rules)
2026990 - ET INFO PowerShell Hidden Window Command Common In Powershell Stagers M2 (info.rules)
2026991 - ET INFO PowerShell NonInteractive Command Common In Powershell Stagers (info.rules)
2026992 - ET INFO PowerShell Base64 Encoded Content Command Common In Powershell Stagers M1 (info.rules)
2026993 - ET INFO PowerShell Base64 Encoded Content Command Common In Powershell Stagers M2 (info.rules)
2026994 - ET INFO PowerShell DownloadFile Command Common In Powershell Stagers (info.rules)
2026995 - ET INFO PowerShell DownloadString Command Common In Powershell Stagers (info.rules)
2026996 - ET INFO PowerShell DownloadData Command Common In Powershell Stagers (info.rules)
2026997 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 11 CnC) (trojan.rules)
2026998 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 11 CnC) (trojan.rules)
2026999 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027000 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027001 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027002 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027003 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027004 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027005 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027006 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027007 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027008 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027009 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027010 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027011 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027012 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027013 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027014 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027015 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027016 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027017 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027018 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027019 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027020 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027021 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027022 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)
2027023 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC) (trojan.rules)

Pro:

2835091 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-28 1) (trojan.rules)
2835092 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-28 2) (trojan.rules)
2835093 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-28 3) (trojan.rules)
2835094 - ETPRO TROJAN MSIL.TScope Checkin 1 (trojan.rules)
2835095 - ETPRO TROJAN MSIL.TScope Checkin 2 (trojan.rules)
2835096 - ETPRO TROJAN MSIL.TScope Checkin 3 (trojan.rules)
2835097 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-02-28 (current_events.rules)
2835098 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-02-28 (current_events.rules)
2835099 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-28 (current_events.rules)
2835100 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-02-28 (current_events.rules)
2835101 - ETPRO CURRENT_EVENTS Successful Foxmail Phish 2019-02-28 (current_events.rules)
2835102 - ETPRO TROJAN CrazyCrypt 2.1 Ransomware CnC Activity (trojan.rules)

[///]     Modified active rules:     [///]

2026911 - ET TROJAN OSX/Shlayer CnC Landing M2 (trojan.rules)

Date: 
Wednesday, February 27, 2019 - 22:00