[***]            Summary:            [***]

6 new Open, 30 new Pro (6 + 24). DonotGroup, Coinminers, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027214 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2027215 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2027216 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2027217 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (drivethrough .top) (trojan.rules)
2027218 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (drinkeatgood .space) (trojan.rules)
2027219 - ET USER_AGENTS ESET Installer (user_agents.rules)

Pro:

2835912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-17 1) (trojan.rules)
2835913 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-17 2) (trojan.rules)
2835914 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-17 3) (trojan.rules)
2835915 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835916 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835917 - ETPRO TROJAN Observed Malicious SSL Cert (CoreDn Activity) (trojan.rules)
2835918 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-04-17 (current_events.rules)
2835919 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-04-17 (current_events.rules)
2835920 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-17 (current_events.rules)
2835921 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-17 (current_events.rules)
2835922 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-17 (current_events.rules)
2835923 - ETPRO CURRENT_EVENTS Successful Banco Inter Phish 2019-04-17 (current_events.rules)
2835924 - ETPRO CURRENT_EVENTS Successful Volksbank DE Phish 2019-03-29 (current_events.rules)
2835925 - ETPRO CURRENT_EVENTS Successful Volksbank DE Phish 2019-04-17 (current_events.rules)
2835926 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-17 (current_events.rules)
2835927 - ETPRO CURRENT_EVENTS Successful Xoom / Paypal Phish 2019-04-17 (current_events.rules)
2835928 - ETPRO POLICY External IP Address Lookup DNS Query (api .ip .sb) (policy.rules)
2835929 - ETPRO POLICY External IP Address Lookup via api.ip .sb (policy.rules)
2835930 - ETPRO POLICY Observed External IP Lookup Domain (api.ip .sb in TLS SNI) (policy.rules)
2835931 - ETPRO POLICY SuperAntiSpyware PUA/PUP Install Phone Home (policy.rules)
2835932 - ETPRO POLICY SuperAntiSpyware PUA/PUP Install Diagnostic Item (policy.rules)
2835933 - ETPRO POLICY SuperAntiSpyware PUA/PUP User-Agent SASDef_GetComponents (policy.rules)
2835934 - ETPRO POLICY SuperAntiSpyware PUA/PUP User-Agent SASDef_GetDescriptor (policy.rules)
2835935 - ETPRO POLICY SuperAntiSpyware PUA/PUP User-Agent SASDef_DownloadDefinitions (policy.rules)

[///]     Modified active rules:     [///]

2022578 - ET CURRENT_EVENTS JS Obfuscation - Possible Phishing 2016-03-01 (current_events.rules)
2027199 - ET POLICY URL Shortener Service Domain in DNS Lookup (tiny .cc) (policy.rules)
2027200 - ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc) (policy.rules)
2835265 - ETPRO MOBILE_MALWARE DonotGroup CnC DNS Query (mobile_malware.rules)

Date: Tuesday, April 16, 2019 - 22:00