[***]            Summary:            [***]

4 new Open, 18 new Pro (4 + 14). EarthWorm/Termite IoT Agent, Various MalDoc, Various SSL, Various Phishing.

Thanks: AlienVault

[+++]          Added rules:          [+++]

Open:

2027064 - ET TROJAN [AV] EarthWorm/Termite IoT Agent Reporting Infection (trojan.rules)
2027065 - ET TROJAN EarthWorm/Termite IoT Agent CnC Response (trojan.rules)
2027066 - ET TROJAN OSX/EvilOSX Client Receiving Commands (trojan.rules)
2027068 - ET TROJAN Observed Malicious SSL Cert (APT32 JEShell CnC) (trojan.rules)

Pro:

2835226 - ETPRO TROJAN MalDoc Retrieving Payload 2019-03-06 (trojan.rules)
2835227 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835228 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
2835229 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
2835230 - ETPRO CURRENT_EVENTS Successful Mweb Phish 2019-03-07 (current_events.rules)
2835231 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-03-07 (current_events.rules)
2835232 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-03-07 (current_events.rules)
2835233 - ETPRO CURRENT_EVENTS Successful Generic Download Document Phish 2019-03-07 (current_events.rules)
2835234 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Phish 2019-03-07 (current_events.rules)
2835235 - ETPRO CURRENT_EVENTS Successful Rabobank Phish 2019-03-07 (current_events.rules)
2835236 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-07 (current_events.rules)
2835237 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2019-03-07 (current_events.rules)
2835238 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-03-07 (current_events.rules)
2835240 - ETPRO CURRENT_EVENTS MalDoc Retrieving Dridex Payload 2018-03-06 (current_events.rules)

[///]     Modified active rules:     [///]

2027048 - ET TROJAN Py/MechaFlounder CnC Activity - Reporting Sleep Command Success (trojan.rules)

Date: Wednesday, March 6, 2019 - 22:00