[***]            Summary:            [***]

11 new Open, 29 new Pro (11 + 18). (?:Nslookup|Ipconfig|Net View) in SMB Traffic, MSIL/fhRansum, Kaprav, Various Phishing, Mobile.

Thanks: Kevin Ross

[+++]          Added rules:          [+++]

Open:

2027183 - ET POLICY Nslookup Command in SMB Traffic - Possible Lateral Movement (policy.rules)
2027184 - ET POLICY Nslookup Command in SMB Traffic - Possible Lateral Movement (policy.rules)
2027185 - ET POLICY Ipconfig Command in SMB Traffic - Possible Lateral Movement (policy.rules)
2027186 - ET POLICY Ipconfig Command in SMB Traffic - Possible Lateral Movement (policy.rules)
2027187 - ET POLICY Net View Command in SMB Traffic - Likely Lateral Movement (policy.rules)
2027188 - ET POLICY Net View Command in SMB Traffic - Likely Lateral Movement (policy.rules)
2027189 - ET NETBIOS DCERPC DCOM ExecuteShellCommand Call - Likely Lateral Movement (netbios.rules)
2027190 - ET NETBIOS DCERPC DCOM ShellExecute - Likely Lateral Movement (netbios.rules)
2027191 - ET POLICY Executable Transfer in SMB (policy.rules)
2027192 - ET POLICY Tunneled RDP msts Handshake (policy.rules)
2027193 - ET POLICY Tunneled RDP Handshake (policy.rules)

Pro:

2835812 - ETPRO MOBILE_MALWARE Android/iThree.A Checkin (mobile_malware.rules)
2835813 - ETPRO MOBILE_MALWARE Android/Indinfo.A Checkin (mobile_malware.rules)
2835814 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CXO Location Exfil (mobile_malware.rules)
2835815 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CXO CnC Beacon (mobile_malware.rules)
2835816 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-11 1) (trojan.rules)
2835817 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-11 2) (trojan.rules)
2835818 - ETPRO TROJAN Win32/VB.CU Stealer SMTP Exfil (trojan.rules)
2835819 - ETPRO TROJAN MSIL/fhRansum CnC Checkin (trojan.rules)
2835820 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835821 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835822 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835823 - ETPRO TROJAN Kaprav Related FTP Implant (trojan.rules)
2835824 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835825 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-04-11 (current_events.rules)
2835826 - ETPRO CURRENT_EVENTS Successful Banco Inter Phish 2019-04-11 (current_events.rules)
2835827 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-11 (current_events.rules)
2835828 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-11 (current_events.rules)
2835829 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-04-11 (current_events.rules)

[///]     Modified active rules:     [///]

2831402 - ETPRO TROJAN MSIL/Predator The Thief CnC Checkin (trojan.rules)
2831995 - ETPRO TROJAN Win32/Predator The Thief Sending Data to CnC (trojan.rules)

Date: 
Wednesday, April 10, 2019 - 22:00