[***]            Summary:            [***]

4 new Open, 33 new Pro (4 + 29).  Win32/BlackSec, HAWKBALL, CVE-2019-10149, Various Phish.

[+++]          Added rules:          [+++]

Open:

[***] Results from Oinkmaster started Fri Jun  7 18:21:46 2019 [***]

2027439 - ET TROJAN HAWKBALL CnC Initial Request (trojan.rules)
2027440 - ET TROJAN HAWKBALL CnC Activity (trojan.rules)
2027441 - ET TROJAN HAWKBALL CnC Sending System Information (trojan.rules)
2027442 - ET EXPLOIT Possible Exim 4.87-4.91 RCE Attempt Inbound (CVE-2019-10149) (exploit.rules)

Pro:

2836715 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Wroba.g Reporting Infection via SMTP (mobile_malware.rules)
2836716 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hk Reporting Infection via SMTP (mobile_malware.rules)
2836717 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.lj Contact Exfil via SMTP (mobile_malware.rules)
2836718 - ETPRO TROJAN Win32/BlackSec CnC Retrieving Commands (trojan.rules)
2836719 - ETPRO TROJAN Win32/BlackSec Uploading Screenshot (trojan.rules)
2836720 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-06-07) (current_events.rules)
2836721 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-06-07 2) (current_events.rules)
2836722 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish 2019-06-07 (current_events.rules)
2836723 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-07 (current_events.rules)
2836724 - ETPRO CURRENT_EVENTS Successful SFR Mail Phish 2019-06-07 (current_events.rules)
2836725 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2019-06-07 (current_events.rules)
2836726 - ETPRO CURRENT_EVENTS Successful Paxful Phish 2019-06-07 (current_events.rules)
2836727 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-06-07 (current_events.rules)
2836728 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-06-07 (current_events.rules)
2836729 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-06-07 (current_events.rules)
2836730 - ETPRO CURRENT_EVENTS Successful N26 Phish 2019-06-07 (current_events.rules)
2836731 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-06-07 (current_events.rules)
2836732 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish 2019-06-07 (current_events.rules)
2836733 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2019-06-07 (current_events.rules)
2836734 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Phish 2019-06-07 (current_events.rules)
2836735 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-07 1) (trojan.rules)
2836736 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-07 2) (trojan.rules)
2836737 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-07 3) (trojan.rules)
2836738 - ETPRO TROJAN Observed Malicious SSL Cert (Ostap CnC) (trojan.rules)
2836739 - ETPRO POLICY Observed Suspicious SSL Cert (fvds .ru) (policy.rules)
2836740 - ETPRO TROJAN Observed Malicious SSL Cert (Metamorfo CnC) (trojan.rules)
2836741 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad/Ramnit CnC) (trojan.rules)
2836742 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad/Ramnit CnC) (trojan.rules)
2836743 - ETPRO TROJAN MuddyWaters PowerShell RAT Check-in (trojan.rules)

[///]     Modified active rules:     [///]

2814669 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Rootnik.i Checkin (mobile_malware.rules)
2836633 - ETPRO EXPLOIT BlackSquid Failed ThinkPHP Payload Inbound (exploit.rules)
2836656 - ETPRO TROJAN Win32/BlackSec CnC Checkin M1 (trojan.rules)
2836657 - ETPRO TROJAN Win32/BlackSec CnC Checkin M2 (trojan.rules)
2836658 - ETPRO TROJAN Win32/BlackSec Uploading Process List to CnC (trojan.rules)
2836659 - ETPRO TROJAN Win32/BlackSec Uploading Wifi Data to CnC (trojan.rules)

Date: Thursday, June 6, 2019 - 22:00