[***]            Summary:            [***]

24 new Pro. Vidar/Arkei, Informer Stealer, Oracle Weblogic Vulns, Various Phishing.

TIIF

[+++]          Added rules:          [+++]

Pro:

2836075 - ETPRO POLICY Consolone Management Windows Agent Checkin (policy.rules)
2836076 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-26 1) (trojan.rules)
2836077 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-26 2) (trojan.rules)
2836078 - ETPRO TROJAN Win32.Informer Stealer Checkin (trojan.rules)
2836079 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-04-26) (current_events.rules)
2836080 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-26 (current_events.rules)
2836081 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-26 (current_events.rules)
2836082 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-26 (current_events.rules)
2836083 - ETPRO CURRENT_EVENTS Successful Squarespace Phish 2019-04-26 (current_events.rules)
2836084 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-26 (current_events.rules)
2836085 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-26 (current_events.rules)
2836086 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-04-26 (current_events.rules)
2836087 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-04-26 (current_events.rules)
2836088 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish 2019-04-26 (current_events.rules)
2836089 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-26 (current_events.rules)
2836090 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-26 (current_events.rules)
2836091 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-04-26 (current_events.rules)
2836092 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-26 (current_events.rules)
2836093 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-26 (current_events.rules)
2836094 - ETPRO TROJAN Vidar/Arkei Stealer Task Request (trojan.rules)
2836095 - ETPRO TROJAN Vidar/Arkei Stealer Checkin (trojan.rules)
2836096 - ETPRO TROJAN SSL/TLS Certificate Observed (Win32/CoinMiner.C) (trojan.rules)
2836097 - ETPRO WEB_CLIENT Possible Oracle Weblogic wls9-async Deserialization RCE M1 (web_client.rules)
2836098 - ETPRO WEB_CLIENT Possible Oracle Weblogic wls9-async Deserialization RCE M2 (web_client.rules)

[///]     Modified active rules:     [///]

2836073 - ETPRO MALWARE Win32/JakyllHyde C2 Activity (malware.rules)

[---]         Disabled rules:        [---]

2828933 - ETPRO TROJAN PowerRatankba DNS Lookup 13 (trojan.rules)

Date: Thursday, April 25, 2019 - 22:00