[***]            Summary:            [***]

2 new Open, 24 new Pro (2 + 22). ExtraPulsar Backdoor, Win32/Injector.Autoit.DYN, Various Mobile, Various Phishing.

Thanks: GM CIRT

[+++]          Added rules:          [+++]

Open:

2027370 - ET TROJAN Suspected ExtraPulsar Backdoor (trojan.rules)
2027371 - ET CURRENT_EVENTS Successful Generic Phish (set) 2019-05-21 (current_events.rules)

Pro:

2836407 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.cr Checkin (mobile_malware.rules)
2836408 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.C Checkin (mobile_malware.rules)
2836409 - ETPRO USER_AGENTS Windows and Mac User-Agent in header M1 (user_agents.rules)
2836410 - ETPRO USER_AGENTS Windows and Mac User-Agent in header M2 (user_agents.rules)
2836411 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-21 1) (trojan.rules)
2836412 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-05-21) (current_events.rules)
2836413 - ETPRO TROJAN MSIL.TScope Checkin 7 (trojan.rules)
2836414 - ETPRO TROJAN MSIL.TScope Checkin 8 (trojan.rules)
2836415 - ETPRO TROJAN MSIL.TScope Checkin 9 (trojan.rules)
2836416 - ETPRO TROJAN MSIL.TScope Checkin 10 (trojan.rules)
2836417 - ETPRO TROJAN MSIL.TScope Checkin 11 (trojan.rules)
2836418 - ETPRO CURRENT_EVENTS Successful Landesbank Berlin Phish 2019-05-21 (current_events.rules)
2836419 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-05-21 (current_events.rules)
2836420 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-21 (current_events.rules)
2836421 - ETPRO CURRENT_EVENTS Successful Adobe ID Phish 2019-05-21 (current_events.rules)
2836422 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-05-21 (current_events.rules)
2836423 - ETPRO CURRENT_EVENTS Successful Personalized Windows Account Phish 2019-05-21 (current_events.rules)
2836424 - ETPRO CURRENT_EVENTS Successful Telekom / Tmobile Phish 2019-05-21 (current_events.rules)
2836425 - ETPRO CURRENT_EVENTS Successful Banco Safra Phish 2019-05-21 (current_events.rules)
2836426 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-05-21 (current_events.rules)
2836427 - ETPRO TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2836428 - ETPRO TROJAN Win32/Injector.Autoit.DYN CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2016537 - ET INFO GET Minimal HTTP Headers Flowbit Set (info.rules)
2027369 - ET EXPLOIT [NCC GROUP] Possible Inbound RDP Exploitation Attempt (CVE-2019-0708) (exploit.rules)
2836336 - ETPRO MOBILE_MALWARE Android.Monitor.SpyApp.D Checkin 3 (mobile_malware.rules)

[---]  Disabled and modified rules:  [---]

2100540 - GPL CHAT MSN message (chat.rules)
2102523 - GPL MISC BGP spoofed connection reset attempt (misc.rules)

Date: Monday, May 20, 2019 - 22:00