[***]            Summary:            [***]

1 new Open, 20 new Pro (1 + 19). MSIL/Sakari Stealer, W32/Plagiator.A, AirLink101 Command Injection, TUTOS 1.3 RCE, Various Phishing.

[+++]          Added rules:          [+++]

2027117 - ET TROJAN Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration (trojan.rules)
2835542 - ETPRO TROJAN MSIL/Sakari Stealer CnC Checkin (trojan.rules)
2835543 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-26 1) (trojan.rules)
2835544 - ETPRO TROJAN W32/Plagiator.A Stealer Checkin (trojan.rules)
2835545 - ETPRO EXPLOIT AirLink101 SkyIPCam1620W OS Command Injection Attempt (exploit.rules)
2835546 - ETPRO EXPLOIT TUTOS 1.3 Remote Command Execution Attempt (exploit.rules)
2835547 - ETPRO POLICY Observed External IP Lookup Domain (freegeoip .app in TLS SNI) (policy.rules)
2835548 - ETPRO POLICY Observed DNS Query to External IP Lookup Domain (freegeoip .app) (policy.rules)
2835549 - ETPRO POLICY Observed Roblox User-Agent (Roblox/WinInet) (policy.rules)
2835550 - ETPRO TROJAN Chalkkin Miner Requesting Commands/Params (trojan.rules)
2835551 - ETPRO TROJAN Observed SmokeLoader Style Connectivity Check (trojan.rules)
2835552 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835553 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835554 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
2835555 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-26 (current_events.rules)
2835556 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-26 (current_events.rules)
2835557 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-03-26 (current_events.rules)
2835558 - ETPRO CURRENT_EVENTS Successful Discover Phish 2019-03-26 (current_events.rules)
2835559 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-03-26 (current_events.rules)
2835560 - ETPRO CURRENT_EVENTS Successful Network Solutions Phish 2019-03-26 (current_events.rules)

Date: Monday, March 25, 2019 - 22:00