[***]            Summary:            [***]

4 new Open, 33 new Pro (4 + 29).  DonotGroup, Win32.Mokes, Various SSL/TLS, Various Phish.

[+++]          Added rules:          [+++]

Open:

2027289 - ET TROJAN Novaloader Stage 2 VBS Request (trojan.rules)
2027290 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2027291 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2027292 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)

Pro:

2836099 - ETPRO TROJAN Win32/Vigorf.A Checkin 2 (trojan.rules)
2836100 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-29 1) (trojan.rules)
2836101 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-29 2) (trojan.rules)
2836102 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-29 3) (trojan.rules)
2836103 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-29 4) (trojan.rules)
2836104 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836105 - ETPRO TROJAN DCRS Backdoor CnC Checkin (trojan.rules)
2836106 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2019-04-29 (current_events.rules)
2836107 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2019-04-29 (current_events.rules)
2836108 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-29 (current_events.rules)
2836109 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2019-04-29 (current_events.rules)
2836110 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-29 (current_events.rules)
2836111 - ETPRO CURRENT_EVENTS Successful Daum Phish 2019-04-29 (current_events.rules)
2836112 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-04-29 (current_events.rules)
2836113 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-04-29 (current_events.rules)
2836114 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-29 (current_events.rules)
2836115 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-04-29 (current_events.rules)
2836116 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-29 (current_events.rules)
2836117 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-04-29 (current_events.rules)
2836118 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-04-29 (current_events.rules)
2836119 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-29 (current_events.rules)
2836120 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-29 (current_events.rules)
2836121 - ETPRO TROJAN SSL/TLS Certificate Observed (PoshAdvisor) (trojan.rules)
2836122 - ETPRO TROJAN Win32.Mokes Backdoor CnC Activity (trojan.rules)
2836125 - ETPRO TROJAN DonotGroup CnC Domain in SNI (trojan.rules)
2836126 - ETPRO TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2836127 - ETPRO TROJAN Possible DonotGroup Downloader CnC Checkin 1 (trojan.rules)
2836128 - ETPRO TROJAN Possible DonotGroup Downloader CnC Checkin 2 (trojan.rules)
2836129 - ETPRO TROJAN Observed Malicious SSL Cert (Possible DonotGroup CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2826931 - ETPRO TROJAN Idicaf CnC Beacon (trojan.rules)
2830910 - ETPRO TROJAN Win32/digimine/nigelthorn CnC Checkin via HTTP (trojan.rules)
2836097 - ETPRO WEB_CLIENT Possible Oracle Weblogic wls9-async Deserialization RCE M1 (web_client.rules)
2836098 - ETPRO WEB_CLIENT Possible Oracle Weblogic wls9-async Deserialization RCE M2 (web_client.rules)

Date: Sunday, April 28, 2019 - 22:00