[***]            Summary:            [***]

2 new Open, 15 new Pro (2 + 13).  Segrev, AridViper, Various SSL/TLS, Various Phish.

[+++]          Added rules:          [+++]

Open:

2027311 - ET TROJAN JAR/Qealler Stealer HTTP Headers Observed (trojan.rules)
2027312 - ET TROJAN AridViper CnC Domain in SNI (trojan.rules)

Pro:

2836198 - ETPRO TROJAN Segrev Stealer FakeZip Conn Check (trojan.rules)
2836199 - ETPRO TROJAN Segrev Stealer Sending Screenshot (trojan.rules)
2836200 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836201 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836202 - ETPRO TROJAN SSL/TLS Certificate Observed (KPOT) (trojan.rules)
2836203 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-05-02 (current_events.rules)
2836204 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-05-02 (current_events.rules)
2836205 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC) (trojan.rules)
2836206 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC) (trojan.rules)
2836207 - ETPRO TROJAN Evil Keitaro TDS CnC Domain in DNS Lookup (trojan.rules)
2836208 - ETPRO TROJAN Observed Malicious SSL Cert (Evil Keitaro TDS CnC) (trojan.rules)
2836209 - ETPRO TROJAN Observed Malicious SSL Cert (Fallout EK CnC) (trojan.rules)
2836210 - ETPRO TROJAN SSL/TLS Certificate Observed (SectorB06 Dropper) (trojan.rules)

[///]     Modified active rules:     [///]

2834676 - ETPRO TROJAN AridViper CnC Activity (trojan.rules)

Date: Wednesday, May 1, 2019 - 22:00