[***]            Summary:            [***]

5 new Open, 24 new Pro (5 + 19). Maze Ransomware, Linux/HiddenWasp, PS/Clyps RAT, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027392 - ET TROJAN Possible Maze Ransomware Activity (trojan.rules)
2027393 - ET WEB_SERVER China Chopper WebShell Observed Outbound (web_server.rules)
2027394 - ET INFO PowerShell Internet Connectivity Check via Network GUID Inbound (info.rules)
2027395 - ET TROJAN Linux/HiddenWasp CnC Request (set) (trojan.rules)
2027396 - ET TROJAN Linux/HiddenWasp CnC Response (trojan.rules)

Pro:

2836552 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-05-29) (current_events.rules)
2836553 - ETPRO TROJAN Win32/NPUS Backdoor Checkin (trojan.rules)
2836554 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-05-29 (current_events.rules)
2836555 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-05-29 (current_events.rules)
2836556 - ETPRO CURRENT_EVENTS Successful 1&1 Phish 2019-05-29 (current_events.rules)
2836557 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2019-05-29 (current_events.rules)
2836558 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-05-29 (current_events.rules)
2836559 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-29 2) (trojan.rules)
2836560 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-29 1) (trojan.rules)
2836561 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish 2019-05-29 (current_events.rules)
2836562 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-05-29 (current_events.rules)
2836563 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-05-29 (current_events.rules)
2836564 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-05-29 (current_events.rules)
2836565 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-05-29 (current_events.rules)
2836566 - ETPRO TROJAN Pony CnC Domain in SNI (trojan.rules)
2836567 - ETPRO TROJAN PS/Clyps RAT Command Inbound (trojan.rules)
2836568 - ETPRO TROJAN PS/Clyps RAT Recon Script Inbound (trojan.rules)
2836569 - ETPRO TROJAN PS/Clyps RAT POSTing System Recon Results to CnC (trojan.rules)
2836570 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (21f41) (current_events.rules)

[///]     Modified active rules:     [///]

2003492 - ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (info.rules)
2016223 - ET TROJAN Andromeda Checkin (trojan.rules)
2017261 - ET TROJAN SmokeLoader Checkin (trojan.rules)
2019094 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks Initial (POST) (current_events.rules)
2021151 - ET TROJAN Linux/Moose NAT Traversal CnC Beacon - Sleep (trojan.rules)
2021152 - ET TROJAN Linux/Moose NAT Traversal CnC Beacon - Multiple Tunnel (trojan.rules)
2021413 - ET TROJAN SeaDuke CnC Beacon (trojan.rules)
2021418 - ET TROJAN Bedep HTTP POST CnC Beacon (trojan.rules)
2022901 - ET TROJAN FOX-SRT ShimRat check-in (php) (trojan.rules)
2025162 - ET INFO Suspicious Request for Doc to IP Address with Terse Headers (info.rules)
2026529 - ET CURRENT_EVENTS Successful Fedex/DHL Phish (set) 2018-10-22 (current_events.rules)
2805260 - ETPRO TROJAN Trojan.Win32.Jorik.Yoddos.no Checkin (trojan.rules)
2809682 - ETPRO TROJAN Andromeda/Gamarue Checkin (trojan.rules)
2812433 - ETPRO TROJAN Garveep POST CnC Beacon (trojan.rules)
2815568 - ETPRO TROJAN Terse HTTP 1.0 Request Possible Nivdort (trojan.rules)
2821561 - ETPRO TROJAN Win32/CryptFile2 Ransomware Fake Image Request (trojan.rules)
2821641 - ETPRO TROJAN Win32.Shakti HTTP Pattern (trojan.rules)
2829644 - ETPRO TROJAN MSIL/KyoznikMiner CnC Checkin M2 (trojan.rules)

Date: Tuesday, May 28, 2019 - 22:00