[***]            Summary:            [***]

8 new Open, 51 new Pro (8 + 43).  Megumin Stealer, DonotGroup, Zebrocy, Various SSL/TLS, Various Phish.

[+++]          Added rules:          [+++]

Open:

2027293 - ET TROJAN Megumin v2 Stealer User-Agent (trojan.rules)
2027294 - ET CURRENT_EVENTS Successful Generic Phish 2019-04-30 (set) (current_events.rules)
2027295 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2027296 - ET TROJAN DonotGroup Stage 2 CnC Domain in DNS Lookup (trojan.rules)
2027297 - ET TROJAN Observed Malicious SSL Cert (DonotGroup Stage 2 CnC) (trojan.rules)
2027298 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2027299 - ET INFO DYNAMIC_DNS Query to *.autoddns .com Domain (info.rules)
2027300 - ET INFO DYNAMIC_DNS HTTP Request to a *.autoddns.com Domain (info.rules)

Pro:

2836130 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.KYFR-0 Checkin (mobile_malware.rules)
2836131 - ETPRO MOBILE_MALWARE Trojan.Dropper.AndroidOS.Agent.hg Checkin (mobile_malware.rules)
2836132 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2836133 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2836134 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2836135 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2836136 - ETPRO TROJAN Tech Support Scam Landing Page iframe JS Inbound (trojan.rules)
2836137 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-30 1) (trojan.rules)
2836138 - ETPRO INFO Suspicious POST with 0 Len and Minimal Headers (info.rules)
2836139 - ETPRO TROJAN Suspicious Download Inbound (dll.dll) (trojan.rules)
2836140 - ETPRO TROJAN Zebrocy Variant CnC Checkin (trojan.rules)
2836141 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836142 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836143 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server) (trojan.rules)
2836144 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server) (trojan.rules)
2836145 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server) (trojan.rules)
2836146 - ETPRO TROJAN Suspicious Computer Name in User-Agent (trojan.rules)
2836147 - ETPRO TROJAN Megumin Stealer CnC Command (Suicide) (trojan.rules)
2836148 - ETPRO TROJAN Megumin Stealer CnC Command (Msgbox) (trojan.rules)
2836149 - ETPRO TROJAN Megumin Stealer CnC Command (SelfDel) (trojan.rules)
2836150 - ETPRO TROJAN Megumin Stealer CnC Command (Blacklist) (trojan.rules)
2836151 - ETPRO TROJAN Megumin Stealer CnC Command (IsUSB) (trojan.rules)
2836152 - ETPRO TROJAN Megumin Stealer CnC Command (Cpu) (trojan.rules)
2836153 - ETPRO TROJAN Megumin Stealer CnC Command (IsClipper) (trojan.rules)
2836154 - ETPRO TROJAN Megumin Stealer CnC Command (Wallets) (trojan.rules)
2836155 - ETPRO TROJAN Megumin Stealer CnC Command (Reconnect Time) (trojan.rules)
2836156 - ETPRO TROJAN Megumin Stealer CnC Command (Config) (trojan.rules)
2836157 - ETPRO TROJAN Megumin v2 Stealer Completed (trojan.rules)
2836158 - ETPRO TROJAN SSL/TLS Certificate Observed (More_Eggs) (trojan.rules)
2836159 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-30 (current_events.rules)
2836160 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2019-04-30 (current_events.rules)
2836161 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2019-04-30 (current_events.rules)
2836162 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2019-04-30 (current_events.rules)
2836163 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-30 (current_events.rules)
2836164 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-30 (current_events.rules)
2836165 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-30 (current_events.rules)
2836166 - ETPRO CURRENT_EVENTS Successful Generic Step2 Phish 2019-04-30 (current_events.rules)
2836167 - ETPRO CURRENT_EVENTS Successful Generic Chalbhai Phish 2019-04-30 (current_events.rules)
2836168 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-30 (current_events.rules)
2836169 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-30 (current_events.rules)
2836170 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-04-30 (current_events.rules)
2836171 - ETPRO WEB_CLIENT Possible Google Chrome 'NewFixedDoubleArray' Integer Overflow RCE - Trigger Out of Bounds Stage (web_client.rules)
2836172 - ETPRO TROJAN Win32/Backdoor PING Command (trojan.rules)

[///]     Modified active rules:     [///]

2027177 - ET POLICY Command Shell Activity Over SMB - Possible Lateral Movement (policy.rules)
2027280 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup (trojan.rules)
2832193 - ETPRO TROJAN Vidar/Arkei/Megumin Stealer HTTP POST Pattern (trojan.rules)
2833685 - ETPRO TROJAN W32.Sarwent Checkin -- count (trojan.rules)
2833686 - ETPRO TROJAN W32.Sarwent Checkin -- add_bot (trojan.rules)
2836094 - ETPRO TROJAN Megumin v2 Stealer Task Request (trojan.rules)
2836095 - ETPRO TROJAN Megumin v2 Stealer Checkin (trojan.rules)

Date: Monday, April 29, 2019 - 22:00