[***]            Summary:            [***]

10 new Open, 37 new Pro (10 + 27). DNSpionage/Karkoff, GitHub-based Phish, Sidewinder, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2027273 - ET TROJAN Baldr Stealer Checkin M2 (trojan.rules)
2027274 - ET POLICY Request for Possible Microsoft Phishing Hosted on Github.io (policy.rules)
2027275 - ET POLICY Request for Possible Facebook Phishing Hosted on Github.io (policy.rules)
2027276 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (google_chrome_default_) M1 (trojan.rules)
2027277 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (google_chrome_default_) M2 (trojan.rules)
2027278 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (Mozilla_Firefox_Cookies) M1 (trojan.rules)
2027279 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (Mozilla_Firefox_Cookies) M2 (trojan.rules)
2027280 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup (trojan.rules)
2027281 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup (trojan.rules)
2027282 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup (trojan.rules)

Pro:

2836006 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.DRNE-8 CnC Beacon (mobile_malware.rules)
2836007 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.an Location Exfil (mobile_malware.rules)
2836008 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Koomer.A Checkin (mobile_malware.rules)
2836009 - ETPRO TROJAN Observed Malicious SSL Cert (APT SideWinder CnC) (trojan.rules)
2836010 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish 2019-04-24 (current_events.rules)
2836011 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-24 (current_events.rules)
2836012 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-24 (current_events.rules)
2836013 - ETPRO CURRENT_EVENTS Successful 126 Webmail Phish 2019-04-24 (current_events.rules)
2836014 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-24 (current_events.rules)
2836015 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-04-24 (current_events.rules)
2836016 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-24 (current_events.rules)
2836017 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-04-24 (current_events.rules)
2836018 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-24 (current_events.rules)
2836019 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-24 (current_events.rules)
2836020 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-24 (current_events.rules)
2836021 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-24 (current_events.rules)
2836022 - ETPRO CURRENT_EVENTS Successful Delta Phish 2019-04-24 (current_events.rules)
2836023 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-04-24 (current_events.rules)
2836024 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-24 (current_events.rules)
2836025 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-24 (current_events.rules)
2836026 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-24 (current_events.rules)
2836027 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-24 (current_events.rules)
2836028 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-24 (current_events.rules)
2836029 - ETPRO TROJAN APT DNSpionage/Karkoff XORed Config Inbound (0x46) (trojan.rules)
2836030 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup (trojan.rules)
2836031 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup (trojan.rules)
2836032 - ETPRO TROJAN APT SideWinder JS Loader Inbound (trojan.rules)

[///]     Modified active rules:     [///]

2018959 - ET POLICY PE EXE or DLL Windows file download HTTP (policy.rules)
2026114 - ET MALWARE Luxsoft Win32/ICLoader User-Agent (malware.rules)
2835998 - ETPRO TROJAN Win32/SideWinder.PreBOT Stealer Checkin (trojan.rules)

Date: Tuesday, April 23, 2019 - 22:00