[***]            Summary:            [***]

7 new Open, 26 new Pro (7 + 19). Ursnif, Suspicious Zip Filenames, Coinminers, Various Phish.

[+++]          Added rules:          [+++]

Open:

2027102 - ET CURRENT_EVENTS Inbound JS Downloader Using Array Push Obfuscation (current_events.rules)
2027103 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (cookies.txt) M1 (trojan.rules)
2027104 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (cookies.txt) M2 (trojan.rules)
2027105 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M1 (trojan.rules)
2027106 - ET INFO Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2 (info.rules)
2027107 - ET INFO Suspicious Zipped Filename in Outbound POST Request (screenshot.) M1 (info.rules)
2027108 - ET INFO Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 (info.rules)

Pro:

2835456 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.pac App List Exfil (mobile_malware.rules)
2835457 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-20 1) (trojan.rules)
2835458 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-20 2) (trojan.rules)
2835459 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-20 3) (trojan.rules)
2835460 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-20 4) (trojan.rules)
2835462 - ETPRO TROJAN WinPack Requesting Download (trojan.rules)
2835463 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835464 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-03-20 (current_events.rules)
2835465 - ETPRO CURRENT_EVENTS Successful EIR Phish 2019-03-20 (current_events.rules)
2835466 - ETPRO CURRENT_EVENTS Successful GMX Phish 2019-03-20 (current_events.rules)
2835467 - ETPRO CURRENT_EVENTS Successful UBS Phish 2019-03-20 (current_events.rules)
2835468 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-03-20 (current_events.rules)
2835469 - ETPRO CURRENT_EVENTS Successful Capital Trust Bank Phish 2019-03-20 (current_events.rules)
2835470 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-20 (current_events.rules)
2835471 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-03-20 (current_events.rules)
2835472 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish 2019-03-20 (current_events.rules)
2835473 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-20 (current_events.rules)
2835474 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2019-03-20 (current_events.rules)
2835475 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-20 (current_events.rules)

[///]     Modified active rules:     [///]

2027087 - ET TROJAN Win32/Dorv Stealer Exfiltrating Data to CnC (trojan.rules)
2831729 - ETPRO EXPLOIT ZyXEL PK5001Z Backdoor Account Used By HNS Inbound (CVE-2016-10401) (exploit.rules)

Date: Tuesday, March 19, 2019 - 22:00