[***]            Summary:            [***]

1 new Open, 32 new Pro (1 + 31).  APT32 Shellcode, JasperLoader, CoinMiners, Various Phish.

[+++]          Added rules:          [+++]

Open:

2027142 - ET USER_AGENTS Observed Suspicious UA (Mozilla 6.0) (user_agents.rules)

Pro:

2835655 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 1) (trojan.rules)
2835656 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 2) (trojan.rules)
2835657 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 3) (trojan.rules)
2835658 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 4) (trojan.rules)
2835659 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 5) (trojan.rules)
2835660 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 6) (trojan.rules)
2835661 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 7) (trojan.rules)
2835662 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 8) (trojan.rules)
2835663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 9) (trojan.rules)
2835664 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-01 10) (trojan.rules)
2835665 - ETPRO TROJAN MalDoc Reporting System Information (trojan.rules)
2835666 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-01 (current_events.rules)
2835667 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2019-04-01 (current_events.rules)
2835668 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2019-04-01 (current_events.rules)
2835669 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-01 (current_events.rules)
2835670 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-01 (current_events.rules)
2835671 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-01 (current_events.rules)
2835672 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-04-01 (current_events.rules)
2835673 - ETPRO CURRENT_EVENTS Successful 163 Webmail Phish 2019-04-01 (current_events.rules)
2835674 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-01 (current_events.rules)
2835675 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-04-01 (current_events.rules)
2835676 - ETPRO CURRENT_EVENTS Possible Successful Generic Wordpress Hosted Phish 2019-04-01 (current_events.rules)
2835677 - ETPRO TROJAN Win32/Kryptik.GPXU CnC Checkin (trojan.rules)
2835678 - ETPRO TROJAN Win32/Xuni CnC Checkin (trojan.rules)
2835679 - ETPRO TROJAN JasperLoader Requesting Campaign Specific Payload (trojan.rules)
2835680 - ETPRO CURRENT_EVENTS JasperLoader Related PowerShell Inbound (current_events.rules)
2835681 - ETPRO TROJAN JasperLoader Spam Module Inbound (trojan.rules)
2835682 - ETPRO TROJAN Powerstats/MuddyWater CnC Activity (trojan.rules)
2835683 - ETPRO TROJAN Gozi Inject CnC Domain in SNI (trojan.rules)
2835684 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (409f2) (current_events.rules)
2835685 - ETPRO TROJAN APT32 Shellcode CnC Activity (trojan.rules)

[///]     Modified active rules:     [///]

2026772 - ET TROJAN ServHelper CnC Inital Checkin (trojan.rules)

Date: Sunday, March 31, 2019 - 22:00