[***]            Summary:            [***]

12 new Open, 33 new Pro (12 + 21).  LNKR, BlackSquid, Quasar RAT, Various Phish.

Thanks Baber Pervez.

[+++]          Added rules:          [+++]

Open:

2027418 - ET MALWARE LNKR Request for validate-site.js (malware.rules)
2027419 - ET MALWARE LNKR CnC Activity M1 (malware.rules)
2027420 - ET MALWARE LNKR CnC Activity M2 (malware.rules)
2027421 - ET MALWARE LNKR CnC Activity M3 (malware.rules)
2027422 - ET MALWARE LNKR Request for LNKR js file M1 (malware.rules)
2027423 - ET MALWARE LNKR Request for LNKR js file M2 (malware.rules)
2027424 - ET MALWARE LNKR Possible Response for LNKR js file (malware.rules)
2027425 - ET MALWARE LNKR landing page (possible compromised site) M1 (malware.rules)
2027426 - ET MALWARE LNKR landing page (possible compromised site) M2 (malware.rules)
2027427 - ET MALWARE LNKR landing page (possible compromised site) M3 (malware.rules)
2027428 - ET MALWARE LNKR landing page (possible compromised site) M4 (malware.rules)
2027429 - ET MALWARE LNKR landing page (possible compromised site) M5 (malware.rules)

Pro:

2836613 - ETPRO POLICY Observed Aida64 System Profilier User-Agent (AIDA64) (policy.rules)
2836614 - ETPRO TROJAN Win32/Unk.CNBD CnC Checkin (trojan.rules)
2836615 - ETPRO TROJAN ELF/Miori Variant CnC Activity (trojan.rules)
2836616 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2019-06-03 (current_events.rules)
2836617 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-03 (current_events.rules)
2836618 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-03 1) (trojan.rules)
2836619 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-03 2) (trojan.rules)
2836620 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-03 3) (trojan.rules)
2836621 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-03 4) (trojan.rules)
2836622 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-03 5) (trojan.rules)
2836623 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-06-03 (current_events.rules)
2836624 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-06-03 (current_events.rules)
2836625 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-06-03 (current_events.rules)
2836626 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-06-03 (current_events.rules)
2836627 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-06-03 (current_events.rules)
2836628 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-06-03 (current_events.rules)
2836629 - ETPRO TROJAN SSL/TLS Certificate Observed (FIN7 Griffon) (trojan.rules)
2836630 - ETPRO TROJAN Datper CnC Request (trojan.rules)
2836632 - ETPRO TROJAN Possible Quasar RAT Websocket Document Exfil Parameters Received (trojan.rules)
2836633 - ETPRO EXPLOIT BlackSquid Failed ThinkPHP Payload Inbound (exploit.rules)
2836634 - ETPRO TROJAN Win32/Phorpiex Bot Checkin (via HTTP) (trojan.rules)

[///]     Modified active rules:     [///]

2017259 - ET TROJAN Generic - POST To .php w/Extended ASCII Characters (trojan.rules)
2022054 - ET INFO Possible MSXMLHTTP Request to Dotted Quad (info.rules)
2026731 - ET WEB_SERVER ThinkPHP RCE Exploitation Attempt (web_server.rules)
2027392 - ET TROJAN Maze/ID Ransomware Activity (trojan.rules)
2809511 - ETPRO TROJAN Win32/Terdot.A / Zloader Checkin (trojan.rules)
2810991 - ETPRO TROJAN SEDNIT CnC Beacon 1 (trojan.rules)
2814979 - ETPRO EXPLOIT SSL Certificate With Directory Traversal (exploit.rules)
2815440 - ETPRO TROJAN Elmer Checkin (trojan.rules)
2816165 - ETPRO TROJAN Win32/Neutrino checkin 4 (trojan.rules)
2821569 - ETPRO TROJAN Locky CnC checkin Aug 03 2016 M2 (trojan.rules)
2822213 - ETPRO TROJAN Possible Zeus Panda SSL Cert Observed (trojan.rules)
2826256 - ETPRO TROJAN Targeted PowerShell Retrieving Payload (trojan.rules)
2828190 - ETPRO MALWARE Win32/FileFinder Adware Install Activity (malware.rules)

Date: Sunday, June 2, 2019 - 22:00