[***]            Summary:            [***]

6 new Open, 48 new Pro (6 + 42). PowerShell Empire, FIN7, Various SSL, JakyllHyde, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027283 - ET TROJAN Suspected Powershell Empire POST M1 (trojan.rules)
2027284 - ET TROJAN Suspected Powershell Empire GET M1 (trojan.rules)
2027285 - ET POLICY Monero Mining Pool DNS Lookup (policy.rules)
2027286 - ET USER_AGENTS Aria2 User-Agent (user_agents.rules)
2027287 - ET INFO DYNAMIC_DNS Query to *.myddns.me Domain (info.rules)
2027288 - ET INFO DYNAMIC_DNS HTTP Request to a *.myddns.me Domain (info.rules)

Pro:

2836033 - ETPRO MOBILE_MALWARE Andr.Trojan.FakeTelegram-6736160-2 Checkin (mobile_malware.rules)
2836034 - ETPRO MOBILE_MALWARE Android/Hiddad.FCD Checkin (mobile_malware.rules)
2836035 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-25 1) (trojan.rules)
2836036 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-25 2) (trojan.rules)
2836037 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-25 3) (trojan.rules)
2836038 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-25 4) (trojan.rules)
2836039 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-04-25 (current_events.rules)
2836040 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-04-25 (current_events.rules)
2836041 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-25 (current_events.rules)
2836042 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-25 (current_events.rules)
2836043 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-04-25 (current_events.rules)
2836044 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-25 (current_events.rules)
2836045 - ETPRO CURRENT_EVENTS Successful TWC Webmail Phish 2019-04-25 (current_events.rules)
2836046 - ETPRO CURRENT_EVENTS Successful Luno Phish 2019-04-25 (current_events.rules)
2836047 - ETPRO CURRENT_EVENTS Successful OX App Suite Phish 2019-04-25 (current_events.rules)
2836048 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-04-25 (current_events.rules)
2836049 - ETPRO CURRENT_EVENTS Successful S-Pankki Phish 2019-04-25 (current_events.rules)
2836050 - ETPRO CURRENT_EVENTS Successful Excel Phish 2019-04-25 (current_events.rules)
2836051 - ETPRO CURRENT_EVENTS Successful Discover Phish 2019-04-25 (current_events.rules)
2836052 - ETPRO CURRENT_EVENTS Successful Online Virus Scan Phish 2019-04-25 (current_events.rules)
2836053 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-04-25 (current_events.rules)
2836054 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-25 (current_events.rules)
2836055 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-04-25 (current_events.rules)
2836056 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-04-25 (current_events.rules)
2836057 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-04-25 (current_events.rules)
2836058 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-25 (current_events.rules)
2836059 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-25 (current_events.rules)
2836060 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-25 (current_events.rules)
2836061 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-04-25 (current_events.rules)
2836062 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC) (trojan.rules)
2836063 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 Worker CnC) (trojan.rules)
2836064 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 Worker CnC) (trojan.rules)
2836065 - ETPRO TROJAN Gozi v3 Worker CnC Domain in DNS Lookup (trojan.rules)
2836066 - ETPRO TROJAN Gozi v3 Worker CnC Domain in DNS Lookup (trojan.rules)
2836067 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in DNS Lookup (trojan.rules)
2836068 - ETPRO TROJAN Win32/Kryptik.GSLS CnC Checkin (trojan.rules)
2836069 - ETPRO TROJAN Observed Malicious SSL Cert (APT SideWinder CnC) (trojan.rules)
2836070 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup (trojan.rules)
2836071 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup (trojan.rules)
2836072 - ETPRO TROJAN APT28 Zebrocy/Zekapab CnC Checkin (trojan.rules)
2836073 - ETPRO MALWARE Win32/JakyllHyde C2 Activity (malware.rules)
2836074 - ETPRO MALWARE Win32/JakyllHyde C2 Activity M2 (malware.rules)

[///]     Modified active rules:     [///]

2027147 - ET TROJAN Win32/Beapy CnC Checkin (trojan.rules)
2027148 - ET TROJAN PS/Beapy CnC Checkin (trojan.rules)
2027149 - ET TROJAN Py/Beapy CnC Checkin (trojan.rules)
2835978 - ETPRO TROJAN Win32.Raccoon Stealer Password Exfil (trojan.rules)

Date: Wednesday, April 24, 2019 - 22:00