[***]            Summary:            [***]

3 new Open, 32 new Pro (3 + 29).  Fakeslic/Cohhoc RAT, Remcos RAT, Various SSL, Various Phish.

Thanks, DakotaCon Threat Hunting Class.

[+++]          Added rules:          [+++]

Open:

2027143 - ET CURRENT_EVENTS MalDoc Request for Payload (TA505 Related) (current_events.rules)
2027144 - ET TROJAN Xwo CnC Activity (trojan.rules)
2027145 - ET CURRENT_EVENTS Spelevo EK Flash Exploit Attempt (current_events.rules)

Pro:

2835686 - ETPRO TROJAN Fakeslic/Cohhoc RAT CnC Request (trojan.rules)
2835687 - ETPRO POLICY External IP Lookup - jsonip.com (policy.rules)
2835688 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-02 1) (trojan.rules)
2835689 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-02 2) (trojan.rules)
2835690 - ETPRO POLICY External IP Lookup - whoami.php (policy.rules)
2835691 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835692 - ETPRO TROJAN Win32/Malex.gen!E CnC Checkin (trojan.rules)
2835693 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-04-02) (current_events.rules)
2835694 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit CnC) (trojan.rules)
2835695 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835696 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-02 (current_events.rules)
2835697 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-02 (current_events.rules)
2835698 - ETPRO CURRENT_EVENTS Successful Paypal  Phish 2019-04-02 (current_events.rules)
2835699 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish 2019-04-02 (current_events.rules)
2835700 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-04-02 (current_events.rules)
2835701 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-02 (current_events.rules)
2835702 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-04-02 (current_events.rules)
2835703 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-04-02 (current_events.rules)
2835704 - ETPRO CURRENT_EVENTS Successful Targo Bank DE Phish 2019-04-02 (current_events.rules)
2835705 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-04-02 (current_events.rules)
2835706 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-04-02 (current_events.rules)
2835707 - ETPRO CURRENT_EVENTS Successful Personalized OneDrive Phish 2019-04-02 (current_events.rules)
2835708 - ETPRO CURRENT_EVENTS Successful Societe Generale Phish 2019-04-02 (current_events.rules)
2835709 - ETPRO CURRENT_EVENTS Successful Personalized Shipping Phish 2019-03-11 (current_events.rules)
2835710 - ETPRO CURRENT_EVENTS Successful Payoneer Phish 2019-04-02 (current_events.rules)
2835711 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-02 (current_events.rules)
2835712 - ETPRO CURRENT_EVENTS Successful Volksbank Phish 2019-04-02 (current_events.rules)
2835713 - ETPRO TROJAN MSIL/Filecoder.AK/GhostDakri Uploading Keylog File (trojan.rules)
2835714 - ETPRO TROJAN Remcos RAT Checkin 97 (trojan.rules)

[///]     Modified active rules:     [///]

2026738 - ET TROJAN [PTsecurity] Trickbot Data Exfiltration (trojan.rules)
2027024 - ET TROJAN Win32/Kribat-A Downloader Activity (trojan.rules)

Date: Monday, April 1, 2019 - 22:00