[***]            Summary:            [***]

34 new Open, 45 new Pro (34 + 11). StealerNeko, GitHub based Phish, TIE JS Redir, Win32.RussianDoll, Win32/PREBOT.

[+++]          Added rules:          [+++]

Open:

2027239 - ET TROJAN StealerNeko CnC Checkin (trojan.rules)
2027240 - ET POLICY Request for Possible Binance Phishing Hosted on Github.io (policy.rules)
2027241 - ET POLICY Request for Possible Paypal Phishing Hosted on Github.io (policy.rules)
2027242 - ET POLICY Request for Possible Ebay Phishing Hosted on Github.io (policy.rules)
2027243 - ET POLICY Request for Possible Webmail Phishing Hosted on Github.io (policy.rules)
2027244 - ET POLICY Request for Possible Account Phishing Hosted on Github.io (policy.rules)
2027245 - ET POLICY Request for Possible Office Phishing Hosted on Github.io (policy.rules)
2027246 - ET POLICY Request for Possible Outlook Phishing Hosted on Github.io (policy.rules)
2027247 - ET POLICY Request for Possible DHL Phishing Hosted on Github.io (policy.rules)
2027248 - ET POLICY Request for Possible Docusign Phishing Hosted on Github.io (policy.rules)
2027249 - ET POLICY Request for Possible Adobe Phishing Hosted on Github.io (policy.rules)
2027250 - ET INFO Dotted Quad Host DLL Request (info.rules)
2027251 - ET INFO Dotted Quad Host DOC Request (info.rules)
2027252 - ET INFO Dotted Quad Host DOCX Request (info.rules)
2027253 - ET INFO Dotted Quad Host XLS Request (info.rules)
2027254 - ET INFO Dotted Quad Host XLSX Request (info.rules)
2027255 - ET INFO Dotted Quad Host PPT Request (info.rules)
2027256 - ET INFO Dotted Quad Host PPTX Request (info.rules)
2027257 - ET INFO Dotted Quad Host RTF Request (info.rules)
2027258 - ET INFO Dotted Quad Host PS Request (info.rules)
2027259 - ET INFO Dotted Quad Host PS1 Request (info.rules)
2027260 - ET INFO Dotted Quad Host VBS Request (info.rules)
2027261 - ET INFO Dotted Quad Host HTA Request (info.rules)
2027262 - ET INFO Dotted Quad Host ZIP Request (info.rules)
2027263 - ET INFO Dotted Quad Host GZ Request (info.rules)
2027264 - ET INFO Dotted Quad Host TGZ Request (info.rules)
2027265 - ET INFO Dotted Quad Host PDF Request (info.rules)
2027266 - ET INFO Dotted Quad Host RAR Request (info.rules)
2027267 - ET ATTACK_RESPONSE Possible Lateral Movement - File Creation Request in Remote System32 Directory (T1105) (attack_response.rules)
2027268 - ET ATTACK_RESPONSE Possible Remote System32 DLL Hijack Command Inbound via HTTP (T1038, T1105) (attack_response.rules)
2027269 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (cookie.txt) M1 (trojan.rules)
2027270 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (cookie.txt) M2 (trojan.rules)
2027271 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (ccdata.txt) M1 (trojan.rules)
2027272 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (ccdata.txt) M2 (trojan.rules)

Pro:

2835995 - ETPRO MOBILE_MALWARE Trojan.Dropper.AndroidOS.Agent.hg Checkin (mobile_malware.rules)
2835996 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.dm DNS Lookup (mobile_malware.rules)
2835997 - ETPRO TROJAN Win32.RussianDoll Stealer C2 HTTP Pattern (trojan.rules)
2835998 - ETPRO TROJAN Win32.PREBOT Stealer Checkin (trojan.rules)
2835999 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-23 1) (trojan.rules)
2836000 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-23 2) (trojan.rules)
2836001 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-23 3) (trojan.rules)
2836002 - ETPRO CURRENT_EVENTS TIE JS Redirector M1 (current_events.rules)
2836003 - ETPRO CURRENT_EVENTS TIE JS Redirector M2 (current_events.rules)
2836004 - ETPRO CURRENT_EVENTS TIE JS Redirector M3 (current_events.rules)
2836005 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-23 (current_events.rules)

[///]     Modified active rules:     [///]

2027238 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command (UTF-16) Inbound via HTTP M3 (attack_response.rules)
2833618 - ETPRO TROJAN VBS/Qbot.Downloader CnC Checkin (trojan.rules)

Date: Monday, April 22, 2019 - 22:00