[***]            Summary:            [***]

54 new Pro. Vabushky.A, APT28 Zebrocy/Zekapab, Kimsuky BabyShark, Various Phishing, Various Mobile.

Thanks: Kevin Ross

[+++]          Added rules:          [+++]

2835583 - ETPRO MOBILE_MALWARE AndroidOS/GinMaster.R CnC Beacon (mobile_malware.rules)
2835584 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LE CnC Beacon (mobile_malware.rules)
2835585 - ETPRO TROJAN Win64/Vabushky.A Checkin 1 (trojan.rules)
2835586 - ETPRO TROJAN Win64/Vabushky.A Checkin 2 (trojan.rules)
2835587 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-28 1) (trojan.rules)
2835588 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-28 2) (trojan.rules)
2835589 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-28 3) (trojan.rules)
2835590 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-28 4) (trojan.rules)
2835591 - ETPRO TROJAN Evil PDF Retrieving Emotet Payload (trojan.rules)
2835592 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound Leading to EK (3f78a) (current_events.rules)
2835593 - ETPRO TROJAN Outbound SQL Injection Scanning M1 (trojan.rules)
2835594 - ETPRO TROJAN Outbound SQL Injection Scanning M2 (trojan.rules)
2835595 - ETPRO TROJAN Outbound SQL Injection Scanning M3 (trojan.rules)
2835596 - ETPRO TROJAN Outbound SQL Injection Scanning M4 (trojan.rules)
2835597 - ETPRO CURRENT_EVENTS Terse Request for Possible MalDoc via Grabilla (current_events.rules)
2835598 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-03-28) (current_events.rules)
2835599 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
2835600 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-03-28 2) (current_events.rules)
2835601 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835602 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-28 (current_events.rules)
2835603 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-28 (current_events.rules)
2835604 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-03-28 (current_events.rules)
2835605 - ETPRO CURRENT_EVENTS Successful Adobe Cloud Phish 2019-03-28 (current_events.rules)
2835606 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2019-03-28 (current_events.rules)
2835607 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-28 (current_events.rules)
2835608 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-03-28 (current_events.rules)
2835609 - ETPRO CURRENT_EVENTS Successful AOL Phish 2019-03-28 (current_events.rules)
2835610 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-28 (current_events.rules)
2835611 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-28 (current_events.rules)
2835612 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-03-28 (current_events.rules)
2835613 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-28 (current_events.rules)
2835614 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-03-28 (current_events.rules)
2835615 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-28 (current_events.rules)
2835616 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-28 (current_events.rules)
2835617 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-28 (current_events.rules)
2835618 - ETPRO TROJAN APT28 Zebrocy/Zekapab POST Template Structure (trojan.rules)
2835619 - ETPRO MALWARE Win32/Conduit.SearchProtect PUA CnC Checkin (malware.rules)
2835620 - ETPRO TROJAN Observed Malicious SSL Cert (More_Eggs CnC) (trojan.rules)
2835621 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835622 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835623 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835624 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835625 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835626 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835627 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835628 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835629 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835630 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835631 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835632 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835633 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835634 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835635 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup (trojan.rules)
2835636 - ETPRO TROJAN Kimsuky BabyShark DNS Lookup (trojan.rules)

[///]     Modified active rules:     [///]

2027117 - ET TROJAN Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration (trojan.rules)
2833895 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.em / BankBot CnC Beacon (mobile_malware.rules)
2835520 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aabf Checkin (mobile_malware.rules)
2835541 - ETPRO TROJAN ChaseBot CnC Response (trojan.rules)

[---]  Disabled and modified rules:  [---]

2832218 - ETPRO TROJAN AmzBot CnC Activity (trojan.rules)

Date: Wednesday, March 27, 2019 - 22:00