[***]            Summary:            [***]

7 new Open, 38 new Pro (7 + 31). IoT Botnet Checkin, LooCipher Ransomware CnC, Various Phishing and Android.

Thanks James Lay

[+++]          Added rules:          [+++]

Open:

2027490 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (androidsmedia .com in DNS Lookup) (mobile_malware.rules)
2027491 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (androidssystem .com in DNS Lookup) (mobile_malware.rules)
2027492 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (secandroid .com in DNS Lookup) (mobile_malware.rules)
2027493 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (mediadownload .space in DNS Lookup) (mobile_malware.rules)
2027494 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (mediamobilereg .com in DNS Lookup) (mobile_malware.rules)
2027495 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (sharpion .org in DNS Lookup) (mobile_malware.rules)
2027496 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (shileyfetwell .com in DNS Lookup) (mobile_malware.rules)

Pro:

2836911 - ETPRO TROJAN Win32/Dexoc Reporting System Infomation (trojan.rules)
2836912 - ETPRO TROJAN Win32/Dexoc Server Response (trojan.rules)
2836913 - ETPRO TROJAN MuddyWater MalDoc CnC Activity (trojan.rules)
2836914 - ETPRO TROJAN ELF/Various IoT Botnet CnC Checkin (trojan.rules)
2836915 - ETPRO CURRENT_EVENTS Successful Bittrex Phish 2019-06-19 (current_events.rules)
2836916 - ETPRO CURRENT_EVENTS Successful Bethpage Federal Credit Union Phish 2019-06-19 (current_events.rules)
2836917 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-06-19 (current_events.rules)
2836918 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-06-19 (current_events.rules)
2836919 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-06-19 (current_events.rules)
2836920 - ETPRO CURRENT_EVENTS Successful MWeb Email Phish 2019-06-19 (current_events.rules)
2836921 - ETPRO CURRENT_EVENTS Successful Generic Need Phish 2019-06-19 (current_events.rules)
2836922 - ETPRO CURRENT_EVENTS Successful Centurylink Phish 2019-06-19 (current_events.rules)
2836923 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-19 (current_events.rules)
2836924 - ETPRO CURRENT_EVENTS Successful Amazon DE Phish 2019-06-19 (current_events.rules)
2836925 - ETPRO CURRENT_EVENTS Successful Bancolumbia Phish 2019-06-19 (current_events.rules)
2836926 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-19 (current_events.rules)
2836927 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-19 (current_events.rules)
2836928 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-19 (current_events.rules)
2836929 - ETPRO CURRENT_EVENTS Successful Bancolumbia Phish 2019-06-19 (current_events.rules)
2836930 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-19 1) (trojan.rules)
2836931 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-19 2) (trojan.rules)
2836932 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-19 3) (trojan.rules)
2836933 - ETPRO MOBILE_MALWARE Android/Hiddad.ACJ Checkin (mobile_malware.rules)
2836934 - ETPRO TROJAN LooCipher Ransomware CnC (trojan.rules)
2836935 - ETPRO TROJAN Unknown Payload CnC Checkin (trojan.rules)
2836936 - ETPRO TROJAN SSL/TLS Certificate Observed (IcedID CnC) (trojan.rules)
2836937 - ETPRO TROJAN Possible Sliver Framework HTTP Payload Communicating with CnC (trojan.rules)
2836938 - ETPRO TROJAN MuddyWater Payload CnC Checkin (trojan.rules)
2836939 - ETPRO POLICY PowerShell with Downloading Capabilities Inbound via HTTP (policy.rules)
2836940 - ETPRO POLICY PS/PowerCat Inbound via HTTP (policy.rules)
2836941 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ANA Checkin (mobile_malware.rules)

[///]     Modified active rules:     [///]

2836595 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT Server) (trojan.rules)

[---]  Disabled and modified rules:  [---]

2836842 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.CC Checkin (mobile_malware.rules)

Date: Tuesday, June 18, 2019 - 22:00