[***]            Summary:            [***]

3 new Open, 20 new Pro (3 + 17). DonotGroup, MSIL.Staem, njRAT/Bladabindi Red Devil Variant, Various Phishing, Mobile.

Thanks: Kevin Ross

[+++]          Added rules:          [+++]

Open:

2027194 - ET EXPLOIT Unk.IoT IPCamera Exploit Attempt Inbound (exploit.rules)
2027195 - ET MOBILE_MALWARE Observed Malicious SSL Cert (DonotGroup Android CnC) (mobile_malware.rules)
2027196 - ET CURRENT_EVENTS Successful Generic Phish (set) 2019-04-12 (current_events.rules)

Pro:

2835830 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-12 1) (trojan.rules)
2835831 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-12 2) (trojan.rules)
2835832 - ETPRO CURRENT_EVENTS Evil JavaScript retrieved Apr 12 2019 (current_events.rules)
2835833 - ETPRO TROJAN Win32/Neshta.A Variant Coin-Miner Checkin (trojan.rules)
2835834 - ETPRO TROJAN MSIL.Staem PWS FTP Exfil (trojan.rules)
2835835 - ETPRO TROJAN njRAT/Bladabindi Red Devil Variant Command (sc) (trojan.rules)
2835836 - ETPRO TROJAN njRAT/Bladabindi Red Devil Variant Command (inf) (trojan.rules)
2835837 - ETPRO TROJAN njRAT/Bladabindi Red Devil Variant Sending Screenshot (trojan.rules)
2835838 - ETPRO TROJAN njRAT/Bladabindi Red Devil Variant CnC Checkin (trojan.rules)
2835839 - ETPRO TROJAN Crypt0L0cker DE Downloading Ransom Message (trojan.rules)
2835840 - ETPRO TROJAN IRC Generic Client Infected Message (trojan.rules)
2835841 - ETPRO CURRENT_EVENTS Successful PostFinance Phish 2019-04-12 (current_events.rules)
2835842 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-12 (current_events.rules)
2835843 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-12 (current_events.rules)
2835844 - ETPRO CURRENT_EVENTS Successful ABN AMRO Phish 2019-04-12 (current_events.rules)
2835845 - ETPRO CURRENT_EVENTS Successful ABN AMRO Phish 2019-04-12 (current_events.rules)
2835846 - ETPRO CURRENT_EVENTS Successful Chalbhai Phish 2019-04-12 (current_events.rules)

[///]     Modified active rules:     [///]

2019980 - ET POLICY External IP Check myexternalip.com (policy.rules)
2831402 - ETPRO TROJAN MSIL/Predator The Thief CnC Checkin (trojan.rules)
2831995 - ETPRO TROJAN Win32/Predator The Thief Sending Data to CnC (trojan.rules)

Date: Thursday, April 11, 2019 - 22:00