[***]            Summary:            [***]

2 new Open, 43 new Pro (2 + 41). Aspire Stealer, DonotGroup stuff, YTY/EHDevel, Oilrig, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027512 - ET TROJAN Possible PowerShell Empire Activity Outbound (trojan.rules)
2027513 - ET EXPLOIT FCM-MB40 Attempted Remote Command Execution as Root (exploit.rules)

Pro:

2836977 - ETPRO TROJAN Aspire Stealer CnC Checkin (trojan.rules)
2836978 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-06-24) (current_events.rules)
2836979 - ETPRO CURRENT_EVENTS Successful Spectrum Phish 2019-06-24 (current_events.rules)
2836980 - ETPRO CURRENT_EVENTS Successful Spectrum Phish 2019-06-24 (current_events.rules)
2836981 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-24 (current_events.rules)
2836982 - ETPRO CURRENT_EVENTS Successful OTP Direkt Phish 2019-06-24 (current_events.rules)
2836983 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-24 (current_events.rules)
2836984 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-06-24 (current_events.rules)
2836985 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-06-24 (current_events.rules)
2836986 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-06-24 (current_events.rules)
2836987 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-06-24 (current_events.rules)
2836988 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-24 (current_events.rules)
2836989 - ETPRO CURRENT_EVENTS Successful Etisalat Phish 2019-06-24 (current_events.rules)
2836990 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-24 (current_events.rules)
2836991 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2019-06-24 (current_events.rules)
2836992 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-06-24 (current_events.rules)
2836993 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-06-24 (current_events.rules)
2836994 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-24 1) (trojan.rules)
2836995 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-24 2) (trojan.rules)
2836996 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-24 3) (trojan.rules)
2836997 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-24 4) (trojan.rules)
2836998 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-24 5) (trojan.rules)
2836999 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-24 6) (trojan.rules)
2837000 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-24 7) (trojan.rules)
2837001 - ETPRO TROJAN Possible Cobalt Strike DNS Tunneling (trojan.rules)
2837002 - ETPRO TROJAN SSL/TLS Certificate Observed (Downloader.Agent.FLQ) (trojan.rules)
2837003 - ETPRO TROJAN MSIL/Kryptik.RKI Stealer Variant Requesting File Types (trojan.rules)
2837004 - ETPRO TROJAN Observed Malicious SSL Cert (APT33 CnC) (trojan.rules)
2837005 - ETPRO TROJAN Observed Malicious SSL Cert (APT33 CnC) (trojan.rules)
2837006 - ETPRO TROJAN Observed Malicious SSL Cert (APT33 CnC) (trojan.rules)
2837007 - ETPRO TROJAN Observed Malicious SSL Cert (APT33 CnC) (trojan.rules)
2837008 - ETPRO TROJAN Observed Malicious SSL Cert (APT33 CnC) (trojan.rules)
2837009 - ETPRO TROJAN DonotGroup APT YTY/EHDevel CnC Checkin (trojan.rules)
2837010 - ETPRO TROJAN Oilrig Payload CnC Checkin (trojan.rules)
2837011 - ETPRO POLICY Suspicious Server Response with Mangled Content-Length Field (policy.rules)
2837012 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (e0796) (current_events.rules)
2837013 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (00831) (current_events.rules)
2837014 - ETPRO TROJAN Observed Malicious SSL Cert (Danabot CnC) (trojan.rules)
2837015 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2837016 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2837017 - ETPRO TROJAN Possible DonotGroup YTY 2.0 CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2831025 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-24 7) (trojan.rules)
2833824 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2834066 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-21 13) (trojan.rules)
2836948 - ETPRO TROJAN Truebot/SilenceDownloader CnC Checkin (trojan.rules)

[---]  Disabled and modified rules:  [---]

2836297 - ETPRO TROJAN Win32/Pterodo.NG Checkin 3 (trojan.rules)

Date: Sunday, June 23, 2019 - 22:00