[***]            Summary:            [***]

3 new Open, 27 new Pro (3 + 24). Android Trojans, Gozi, Coinminers, Various Phish.

[+++]          Added rules:          [+++]

Open:

2027106 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2 (trojan.rules)
2027107 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (screenshot.) M1 (trojan.rules)
2027108 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 (trojan.rules)

Pro:

2835476 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Generic.C!c Checkin (mobile_malware.rules)
2835477 - ETPRO MOBILE_MALWARE PUP Android/MoneyThief Device Location Exfil (mobile_malware.rules)
2835478 - ETPRO MOBILE_MALWARE Android/Agent.BAS Checkin (mobile_malware.rules)
2835479 - ETPRO MOBILE_MALWARE Android/Agent.BAS CnC Beacon (mobile_malware.rules)
2835480 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.RLGK-5 Checkin (mobile_malware.rules)
2835481 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-21 1) (trojan.rules)
2835482 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-21 2) (trojan.rules)
2835485 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2835486 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-21 (current_events.rules)
2835487 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-03-21 (current_events.rules)
2835488 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-21 (current_events.rules)
2835489 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish 2019-03-21 (current_events.rules)
2835490 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-21 (current_events.rules)
2835491 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-03-21 (current_events.rules)
2835492 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-03-21 (current_events.rules)
2835493 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-03-21 (current_events.rules)
2835494 - ETPRO CURRENT_EVENTS Successful Netbank Phish 2019-03-21 (current_events.rules)
2835495 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-03-21 (current_events.rules)
2835496 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-21 (current_events.rules)
2835497 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-21 (current_events.rules)
2835498 - ETPRO CURRENT_EVENTS Successful ASB Phish 2019-03-21 (current_events.rules)
2835499 - ETPRO CURRENT_EVENTS Successful Roundcube Webmail Phish 2019-03-21 (current_events.rules)
2835500 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC) (trojan.rules)
2835501 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2018228 - ET TROJAN Possible PlugX Common Header Struct (trojan.rules)
2026487 - ET POLICY Request for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)

[---]         Removed rules:         [---]

2027106 - ET INFO Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2 (info.rules)
2027107 - ET INFO Suspicious Zipped Filename in Outbound POST Request (screenshot.) M1 (info.rules)
2027108 - ET INFO Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 (info.rules)

Date: Wednesday, March 20, 2019 - 22:00