[***]            Summary:            [***]

8 new Open, 31 new Pro (8 + 23). ShadowHammer, ChaseBot, StealerSFX, Various Phishing, Various Mobile.

Thanks: James Lay

[+++]          Added rules:          [+++]

Open:

2027109 - ET TROJAN ShadowHammer DNS Lookup (trojan.rules)
2027110 - ET TROJAN Possible ShadowHammer DNS Lookup (trojan.rules)
2027111 - ET TROJAN Possible ShadowHammer DNS Lookup (trojan.rules)
2027112 - ET TROJAN MSIL/DataMilk Stealer Communicating with CnC (trojan.rules)
2027113 - ET TROJAN ChaseBot CnC Checkin (trojan.rules)
2027114 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (wallet.dat) M1 (trojan.rules)
2027115 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (wallet.dat) M2 (trojan.rules)
2027116 - ET TROJAN Observed Malicious SSL Cert (ShadowHammer CnC) (trojan.rules)

Pro:

2835519 - ETPRO MOBILE_MALWARE Android/Syringe.S Checkin (mobile_malware.rules)
2835520 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aabf Checkin (mobile_malware.rules)
2835521 - ETPRO TROJAN Win32/StealerSFX Exfiltrating Data to CnC (trojan.rules)
2835522 - ETPRO TROJAN MSIL/PWS.Agent.RCS CnC Checkin (trojan.rules)
2835523 - ETPRO MOBILE_MALWARE Android/Zippeagle Checkin (mobile_malware.rules)
2835524 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835525 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-25 (current_events.rules)
2835526 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-03-25 (current_events.rules)
2835527 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Validation Phish 2019-03-25 (current_events.rules)
2835528 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-03-25 (current_events.rules)
2835529 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-03-25 (current_events.rules)
2835530 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-03-25 (current_events.rules)
2835531 - ETPRO CURRENT_EVENTS Successful Tangerine Bank Phish 2019-03-25 (current_events.rules)
2835532 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-25 (current_events.rules)
2835533 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish 2019-03-25 (current_events.rules)
2835534 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-25 (current_events.rules)
2835535 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-25 (current_events.rules)
2835536 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-25 (current_events.rules)
2835537 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-25 (current_events.rules)
2835538 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-25 (current_events.rules)
2835539 - ETPRO CURRENT_EVENTS Successful AT&T Verification Phish 2019-03-25 (current_events.rules)
2835540 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-25 (current_events.rules)
2835541 - ETPRO TROJAN Possible ChaseBot CnC Response (trojan.rules)

[///]     Modified active rules:     [///]

2025224 - ET TROJAN RocketMan Win32/Drun (trojan.rules)
2026102 - ET EXPLOIT Linksys E-Series Device RCE Attempt (exploit.rules)
2026486 - ET POLICY DNS Lookup for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2026487 - ET POLICY Request for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2027087 - ET TROJAN Win32/Dorv Stealer Exfiltrating Data to CnC (trojan.rules)
2027107 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (screenshot.) M1 (trojan.rules)
2027108 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 (trojan.rules)
2827757 - ETPRO TROJAN APT32 Win32.Denes CnC Beacon (trojan.rules)
2834933 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) (user_agents.rules)

[---]         Removed rules:         [---]

2830196 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-03-29 (current_events.rules)

Date: Sunday, March 24, 2019 - 22:00