[***]            Summary:            [***]

23 new Open, 45 new Pro (23 + 22). Mirai Variant UA, ChaosBounce RAT, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2027118 - ET TROJAN W32/VBS.SLoad.Backdoor Initial Base64 Encoded OK Server Response (trojan.rules)
2027119 - ET TROJAN ELF/Mirai Variant UA Outbound (Rift) (trojan.rules)
2027120 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (Rift) (user_agents.rules)
2027121 - ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) (trojan.rules)
2027122 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (Tsunami) (user_agents.rules)
2027123 - ET TROJAN ELF/Mirai Variant UA Outbound (Yowai) (trojan.rules)
2027124 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (Yowai) (user_agents.rules)
2027125 - ET TROJAN ELF/Mirai Variant UA Outbound (Yakuza) (trojan.rules)
2027126 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (Yakuza) (user_agents.rules)
2027127 - ET TROJAN ELF/Mirai Variant UA Outbound (Hentai) (trojan.rules)
2027128 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (Hentai) (user_agents.rules)
2027129 - ET TROJAN ELF/Mirai Variant UA Outbound (lessie) (trojan.rules)
2027130 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (lessie) (user_agents.rules)
2027131 - ET TROJAN ELF/Mirai Variant UA Outbound (Cakle) (trojan.rules)
2027132 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (Cakle) (user_agents.rules)
2027133 - ET TROJAN ELF/Mirai Variant UA Outbound (Damien) (trojan.rules)
2027134 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (Damien) (user_agents.rules)
2027135 - ET TROJAN ELF/Mirai Variant UA Outbound (Solar) (trojan.rules)
2027136 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (Solar) (user_agents.rules)
2027137 - ET TROJAN ELF/Mirai Variant UA Outbound (muhstik) (trojan.rules)
2027138 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (muhstik) (user_agents.rules)
2027139 - ET TROJAN ELF/Mirai Variant UA Outbound (Shaolin) (trojan.rules)
2027140 - ET USER_AGENTS ELF/Mirai Variant UA Inbound (Shaolin) (user_agents.rules)
Pro:

2835561 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 4 (mobile_malware.rules)
2835562 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 5 (mobile_malware.rules)
2835563 - ETPRO TROJAN MSIL/ChaosBounce RAT Initial CnC Checkin (trojan.rules)
2835564 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-27 1) (trojan.rules)
2835565 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M3 (trojan.rules)
2835566 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M4 (trojan.rules)
2835567 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC) (trojan.rules)
2835568 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-03-27 (current_events.rules)
2835569 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-03-27 (current_events.rules)
2835570 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-27 (current_events.rules)
2835571 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-03-27 (current_events.rules)
2835572 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-27 (current_events.rules)
2835573 - ETPRO CURRENT_EVENTS Successful Intuit Phish 2019-03-27 (current_events.rules)
2835574 - ETPRO CURRENT_EVENTS Successful Nexi Phish 2019-03-27 (current_events.rules)
2835575 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-03-27 (current_events.rules)
2835576 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-03-27 (current_events.rules)
2835577 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-27 (current_events.rules)
2835578 - ETPRO TROJAN MSIL/ChaosBounce RAT Initial CnC Response (trojan.rules)
2835579 - ETPRO TROJAN MSIL/ChaosBounce RAT RemoteDesktop Command Inbound (trojan.rules)
2835580 - ETPRO TROJAN MSIL/ChaosBounce RAT Additional Plugin Command Inbound (trojan.rules)
2835581 - ETPRO TROJAN MSIL/ChaosBounce RAT Kill Process Command Inbound (trojan.rules)
2835582 - ETPRO TROJAN MSIL/ChaosBounce RAT SendFile Command Inbound (trojan.rules)

[///]     Modified active rules:     [///]

2017886 - ET INFO SUSPICIOUS SMTP EXE - EXE SMTP Attachment (info.rules)
2027100 - ET TROJAN JasperLoader CnC Checkin (trojan.rules)
2027102 - ET CURRENT_EVENTS Inbound JasperLoader Using Array Push Obfuscation (current_events.rules)

Date: Tuesday, March 26, 2019 - 22:00