[***]            Summary:            [***]

10 new Open, 32 new Pro (10 + 22). StrongPity, ServHelper, Alpha Keylogger, CVE-2019-0752, Ursnif, Various Phish.

Thanks @alienvault

[+++]          Added rules:          [+++]

Open:

2027713 - ET TROJAN SSL/TLS Certificate Observed (StrongPity) (trojan.rules)
2027714 - ET TROJAN SSL/TLS Certificate Observed (StrongPity) (trojan.rules)
2027715 - ET TROJAN SSL/TLS Certificate Observed (StrongPity) (trojan.rules)
2027716 - ET TROJAN SSL/TLS Certificate Observed (StrongPity) (trojan.rules)
2027717 - ET TROJAN SSL/TLS Certificate Observed (StrongPity) (trojan.rules)
2027718 - ET TROJAN SSL/TLS Certificate Observed (StrongPity) (trojan.rules)
2027719 - ET TROJAN SSL/TLS Certificate Observed (StrongPity) (trojan.rules)
2027720 - ET TROJAN SSL/TLS Certificate Observed (StrongPity) (trojan.rules)
2027721 - ET EXPLOIT Possible IE Scripting Engine Memory Corruption Vulnerability (CVE-2019-0752) (exploit.rules)
2027722 - ET TROJAN SLUB Domain in DNS Lookup (trojan.rules)

Pro:

2837552 - ETPRO TROJAN MalDoc Requesting Payload 2019-07-17 (trojan.rules)
2837553 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2837554 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-17 1) (trojan.rules)
2837555 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-17 2) (trojan.rules)
2837556 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-17 3) (trojan.rules)
2837557 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-17 4) (trojan.rules)
2837558 - ETPRO CURRENT_EVENTS Successful Local Bitcoins Phish 2019-07-17 (current_events.rules)
2837559 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-17 (current_events.rules)
2837560 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-07-17 (current_events.rules)
2837561 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2019-07-17 (current_events.rules)
2837562 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-17 (current_events.rules)
2837563 - ETPRO CURRENT_EVENTS Successful Telekom / Tmobile Phish 2019-07-17 (current_events.rules)
2837564 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-17 (current_events.rules)
2837565 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-17 (current_events.rules)
2837566 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-17 (current_events.rules)
2837567 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-17 (current_events.rules)
2837568 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-17 (current_events.rules)
2837569 - ETPRO CURRENT_EVENTS Successful mBank Phish 2019-07-17 (current_events.rules)
2837570 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-07-17 (current_events.rules)
2837571 - ETPRO TROJAN Alpha Keylogger CnC Request via Telegram API (trojan.rules)
2837572 - ETPRO TROJAN Alpha Keylogger CnC Response via Telegram API (trojan.rules)
2837573 - ETPRO TROJAN ServHelper CnC Inital Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2807970 - ETPRO TROJAN Win32/Neurevt.A/Betabot Checkin 3 (trojan.rules)

Date: Tuesday, July 16, 2019 - 22:00