[***]            Summary:            [***]

18 new Open, 69 new Pro (18 + 51). Py/MechaFlounder, FinderBot, SkidRAT Botnet, Various SSL, Mirai, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027046 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-03-06 (current_events.rules)
2027047 - ET TROJAN Py/MechaFlounder CnC Checkin (trojan.rules)
2027048 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Sleep Command Success (trojan.rules)
2027049 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Download Command Success (trojan.rules)
2027050 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Download Command Error (trojan.rules)
2027051 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Upload Command Success (trojan.rules)
2027052 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Upload Command Error (trojan.rules)
2027053 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Directory Change Command Success (trojan.rules)
2027054 - ET TROJAN Chafer CnC DNS Query (trojan.rules)
2027055 - ET TROJAN Chafer CnC DNS Query (trojan.rules)
2027056 - ET TROJAN Sidewinder CnC DNS Query (trojan.rules)
2027057 - ET TROJAN MSIL/SkidRat CnC Checkin M1 (trojan.rules)
2027058 - ET TROJAN FIN6 StealerOne CnC Domain in SNI (trojan.rules)
2027059 - ET TROJAN FIN6 StealerOne CnC DNS Query (trojan.rules)
2027060 - ET USER_AGENTS MSIL/SkidRat User-Agent Observed (user_agents.rules)
2027061 - ET TROJAN MSIL/SkidRat CnC Checkin M2 (trojan.rules)
2027062 - ET TROJAN MSIL/SkidRat CnC Checkin M3 (trojan.rules)
2027063 - ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) (exploit.rules)

Pro:

2835175 - ETPRO MOBILE_MALWARE Android/Hiddad.FU Checkin (mobile_malware.rules)
2835176 - ETPRO MOBILE_MALWARE Android.Trojan-Downloader.Agent.bj Checkin (mobile_malware.rules)
2835177 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 1) (trojan.rules)
2835178 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 2) (trojan.rules)
2835179 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 3) (trojan.rules)
2835180 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 4) (trojan.rules)
2835181 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 5) (trojan.rules)
2835182 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 6) (trojan.rules)
2835183 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 7) (trojan.rules)
2835184 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 8) (trojan.rules)
2835185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 9) (trojan.rules)
2835186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 10) (trojan.rules)
2835187 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 11) (trojan.rules)
2835188 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 12) (trojan.rules)
2835189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-06 13) (trojan.rules)
2835190 - ETPRO TROJAN Win32/Pterodo.NG Checkin (trojan.rules)
2835191 - ETPRO CURRENT_EVENTS Orcus RAT Dropper Domain in DNS Lookup (current_events.rules)
2835192 - ETPRO CURRENT_EVENTS Orcus RAT Dropper Domain in TLS SNI (current_events.rules)
2835193 - ETPRO POLICY Observed SSL Cert (External IP Lookup (www. myexternalip .com)) (policy.rules)
2835194 - ETPRO POLICY Observed SSL Cert (External IP Lookup (whatsmyip .net)) (policy.rules)
2835195 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check 4 (trojan.rules)
2835196 - ETPRO POLICY Observed External IP Check (whatsmyip .net) (policy.rules)
2835197 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC) (trojan.rules)
2835198 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835199 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
2835200 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2835201 - ETPRO CURRENT_EVENTS Successful Landesbank Berlin Phish 2019-03-06 (current_events.rules)
2835202 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-03-06 (current_events.rules)
2835203 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-06 (current_events.rules)
2835204 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-03-06 (current_events.rules)
2835205 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-03-06 (current_events.rules)
2835206 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-03-06 (current_events.rules)
2835207 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-06 (current_events.rules)
2835208 - ETPRO CURRENT_EVENTS Successful Emirates NBD Bank Phish 2019-03-06 (current_events.rules)
2835209 - ETPRO CURRENT_EVENTS Successful Banco de Oro Phish 2019-03-06 (current_events.rules)
2835210 - ETPRO CURRENT_EVENTS Successful Banco de Oro Phish 2019-03-06 (current_events.rules)
2835211 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-06 (current_events.rules)
2835212 - ETPRO CURRENT_EVENTS Successful Exchange Email Settings Phish 2019-03-06 (current_events.rules)
2835213 - ETPRO TROJAN Win32/Vake.D Requesting Payload (trojan.rules)
2835214 - ETPRO MALWARE ReimagePlus PUA Checkin M1 (malware.rules)
2835215 - ETPRO MALWARE ReimagePlus PUA Checkin M2 (malware.rules)
2835216 - ETPRO TROJAN Win32/Agent.RNS Requesting New Payload CnC Address (trojan.rules)
2835217 - ETPRO TROJAN Win32/Agent.RNS Requesting Payload (trojan.rules)
2835218 - ETPRO USER_AGENTS ELF/Mirai Hotaru Variant User-Agent (user_agents.rules)
2835219 - ETPRO USER_AGENTS ELF/Mirai OKANE Variant User-Agent (user_agents.rules)
2835220 - ETPRO USER_AGENTS ELF/Mirai Sefa Variant User-Agent (user_agents.rules)
2835221 - ETPRO EXPLOIT D-LINK Router DSL-2750B RCE M2 - Outbound (metasploit version) (exploit.rules)
2835222 - ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) (exploit.rules)
2835223 - ETPRO EXPLOIT AVTECH IP Camera Unauthenticated CGI Dir Vulnerability - Outbound (exploit.rules)
2835224 - ETPRO USER_AGENTS ELF/Mirai LMAO Variant User-Agent (user_agents.rules)
2835225 - ETPRO USER_AGENTS ELF/Mirai Solstice Variant User-Agent (user_agents.rules)

[///]     Modified active rules:     [///]

2018856 - ET TROJAN Windows executable base64 encoded (trojan.rules)
2026563 - ET TROJAN MSIL/KeyRedirEx Banker Receiving Redirect/Inject List (trojan.rules)
2824368 - ETPRO TROJAN Oilrig/Chafer Dev VBS Checkin (trojan.rules)

Date: 
Tuesday, March 5, 2019 - 22:00