[***]            Summary:            [***]

2 new Open, 35 new Pro (2 + 33). Win32/Spy.RTM/Redaman, FinderBot, Various EK, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2027025 - ET TROJAN [PTsecurity] Win32/Spy.RTM/Redaman IP Check (trojan.rules)
2027026 - ET POLICY External IP Address Lookup DNS Query (policy.rules)

Pro:

2835124 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis CnC Beacon (mobile_malware.rules)
2835125 - ETPRO MOBILE_MALWARE Android/Trojan.FAA CnC Beacon (mobile_malware.rules)
2835126 - ETPRO MOBILE_MALWARE Android/Trojan.FAA CnC Beacon 2 (mobile_malware.rules)
2835127 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.abp CnC Beacon (mobile_malware.rules)
2835128 - ETPRO MOBILE_MALWARE Android/Agent.AMP Checkin (mobile_malware.rules)
2835129 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJZ Checkin (mobile_malware.rules)
2835130 - ETPRO TROJAN MSIL/Spy.Agent.BPX Checkin (trojan.rules)
2835131 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 1) (trojan.rules)
2835132 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 2) (trojan.rules)
2835133 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 3) (trojan.rules)
2835134 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 4) (trojan.rules)
2835135 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 5) (trojan.rules)
2835136 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-04 6) (trojan.rules)
2835137 - ETPRO TROJAN FinderBot Checkin/Requesting Payload (trojan.rules)
2835138 - ETPRO TROJAN FinderBot User-Agent (nnn/) (trojan.rules)
2835139 - ETPRO TROJAN FinderBot Requesting Tasks (trojan.rules)
2835140 - ETPRO TROJAN FinderBot Cookie Exfil (trojan.rules)
2835141 - ETPRO TROJAN FinderBot Login Exfil (trojan.rules)
2835142 - ETPRO TROJAN FinderBot CnC Checkin (trojan.rules)
2835143 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-03-04 (current_events.rules)
2835144 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-03-04 (current_events.rules)
2835145 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-04 (current_events.rules)
2835146 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-04 (current_events.rules)
2835147 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-04 (current_events.rules)
2835148 - ETPRO CURRENT_EVENTS Malicious HookAds Affiliate - Redirect to EK (current_events.rules)
2835149 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EK Landing) (current_events.rules)
2835150 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (9d5e3) (current_events.rules)
2835151 - ETPRO TROJAN MSIL/Spy.Agent.BTP CnC Checkin (trojan.rules)
2835152 - ETPRO CURRENT_EVENTS MalDoc Requesting Payload 2019-03-04 (current_events.rules)
2835153 - ETPRO TROJAN Win32/Phorpiex CnC DNS Query (trojan.rules)
2835154 - ETPRO TROJAN PowerShell Downloader CnC Checkin (trojan.rules)
2835155 - ETPRO TROJAN Win-Python-Backdoor Config Inbound (trojan.rules)
2835156 - ETPRO TROJAN VBS/Susp.Enumerator Script Inbound (trojan.rules)

[///]     Modified active rules:     [///]

2835102 - ETPRO TROJAN CrazyCrypt Ransomware CnC Activity (trojan.rules)

Date: Sunday, March 3, 2019 - 22:00