[***]            Summary:            [***]

4 new Open, 38 new Pro (4 + 34).  ICEFOG-P, Necurs, Ursnif, Various SSL/TLS, Various Phish.

[+++]          Added rules:          [+++]

Open:

2027430 - ET POLICY External IP Lookup Request (policy.rules)
2027431 - ET TROJAN ICEFOG-P Variant CnC Checkin M1 (trojan.rules)
2027432 - ET TROJAN ICEFOG-P Variant CnC Checkin M2 (trojan.rules)
2027433 - ET WEB_SERVER BlackSquid JSP Webshell Outbound (web_server.rules)

Pro:

2836635 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.VpsDrop.b Checkin (mobile_malware.rules)
2836636 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL CnC Beacon (mobile_malware.rules)
2836637 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836638 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-06-04) (current_events.rules)
2836639 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-04 1) (trojan.rules)
2836640 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2019-06-04 (current_events.rules)
2836641 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2019-06-04 (current_events.rules)
2836642 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-04 (current_events.rules)
2836643 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-06-04 (current_events.rules)
2836644 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-06-04 (current_events.rules)
2836645 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-06-04 (current_events.rules)
2836646 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-04 (current_events.rules)
2836647 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish 2019-06-04 (current_events.rules)
2836648 - ETPRO CURRENT_EVENTS Successful CrediCard Phish 2019-06-04 (current_events.rules)
2836649 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-06-04 (current_events.rules)
2836650 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-06-04 (current_events.rules)
2836651 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-04 (current_events.rules)
2836652 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-06-04 (current_events.rules)
2836653 - ETPRO TROJAN Win32/Barys IRC Bot Variant CnC Checkin (trojan.rules)
2836654 - ETPRO TROJAN Venom Proxy CnC Beacon (flowbit set) (trojan.rules)
2836655 - ETPRO TROJAN Venom Proxy CnC Beacon (trojan.rules)
2836656 - ETPRO TROJAN Unk/Rasftuby.Gen CnC Checkin M1 (trojan.rules)
2836657 - ETPRO TROJAN Unk/Rasftuby.Gen CnC Checkin M2 (trojan.rules)
2836658 - ETPRO TROJAN Unk/Rasftuby.Gen Uploading Process List to CnC (trojan.rules)
2836659 - ETPRO TROJAN Unk/Rasftuby.Gen Uploading Wifi Data to CnC (trojan.rules)
2836660 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
2836661 - ETPRO TROJAN Observed Malicious SSL Cert (Quasar RAT Staging Server CnC) (trojan.rules)
2836662 - ETPRO TROJAN Gootkit CnC Domain in SNI (trojan.rules)
2836663 - ETPRO TROJAN Win32/Necurs CnC Checkin (trojan.rules)
2836664 - ETPRO TROJAN Ursnif Variant CnC Beacon 12 (trojan.rules)
2836665 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836666 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836667 - ETPRO TROJAN Atom Logger exfil via SMTP M2 (trojan.rules)
2836668 - ETPRO INFO RTF Document containing cmd and powershell (info.rules)

[///]     Modified active rules:     [///]

2807079 - ETPRO TROJAN Icefog Checkin (trojan.rules)

Date: Monday, June 3, 2019 - 22:00