[***]            Summary:            [***]

9 new Open, 37 new Pro (9 + 28). Linux.Ngioweb, ServHelper, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027503 - ET USER_AGENTS Observed Suspicious UA (Hello, World) (user_agents.rules)
2027504 - ET USER_AGENTS Observed Suspicious UA (Hello-World) (user_agents.rules)
2027505 - ET TROJAN Observed Malicious UA (Skuxray) (trojan.rules)
2027506 - ET TROJAN Win32/Plurox Backdoor CnC Checkin (trojan.rules)
2027507 - ET TROJAN Linux.Ngioweb Stage 1 CnC Activity Client Request (set) (trojan.rules)
2027508 - ET TROJAN Linux.Ngioweb Stage 1 CnC Activity Server Response (WAIT) (trojan.rules)
2027509 - ET TROJAN Linux.Ngioweb Stage 1 CnC Activity Server Response (CONNECT) (trojan.rules)
2027510 - ET TROJAN Linux.Ngioweb Stage 1 CnC Activity Server Response (DISCONNECT) (trojan.rules)
2027511 - ET TROJAN Linux.Ngioweb Stage 1 CnC Activity Server Response (CERT) (trojan.rules)

Pro:

2836949 - ETPRO TROJAN Win32/Evil FTP Downloader Session Inbound (trojan.rules)
2836950 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-06-21) (current_events.rules)
2836951 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-06-20 (current_events.rules)
2836952 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-06-20 (current_events.rules)
2836953 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-06-21 (current_events.rules)
2836954 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish 2019-06-21 (current_events.rules)
2836955 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-06-21 (current_events.rules)
2836956 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-06-21 (current_events.rules)
2836957 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-06-21 (current_events.rules)
2836958 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish 2019-06-21 (current_events.rules)
2836959 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-06-21 (current_events.rules)
2836960 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2019-06-21 (current_events.rules)
2836961 - ETPRO CURRENT_EVENTS Successful Daum Phish 2019-06-21 (current_events.rules)
2836962 - ETPRO CURRENT_EVENTS Successful Neteller Phish 2019-06-21 (current_events.rules)
2836963 - ETPRO CURRENT_EVENTS Successful Neteller Phish 2019-06-21 (current_events.rules)
2836964 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2019-06-21 (current_events.rules)
2836965 - ETPRO CURRENT_EVENTS Successful Airbnb Phish 2019-06-21 (current_events.rules)
2836966 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-21 1) (trojan.rules)
2836967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-21 2) (trojan.rules)
2836968 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-21 3) (trojan.rules)
2836969 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-21 4) (trojan.rules)
2836970 - ETPRO TROJAN Observed Malicious SSL Cert (KPOT CnC) (trojan.rules)
2836971 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2836972 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2836973 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2836974 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2836975 - ETPRO TROJAN Win32/Andromeda Variant Checkin (2019-06-20) (trojan.rules)
2836976 - ETPRO CURRENT_EVENTS Known Evil Inject on Compromised Revive AdServer (2019-06-20) (current_events.rules)

[///]     Modified active rules:     [///]

2027442 - ET EXPLOIT Possible Exim 4.87-4.91 RCE Attempt Inbound (CVE-2019-10149) (exploit.rules)
2835637 - ETPRO TROJAN Win32/Pterodo.NG Checkin 2 (trojan.rules)
2836836 - ETPRO TROJAN Sharik/Smoke CnC Beacon 14 (trojan.rules)
2836948 - ETPRO TROJAN Truebot/SilenceDownloader CnC Checkin (trojan.rules)

[---]  Disabled and modified rules:  [---]

2836297 - ETPRO TROJAN Win32/Pterodo.NG Checkin 3 (trojan.rules)

Date: Thursday, June 20, 2019 - 22:00