[***]            Summary:            [***]

5 new Open, 21 new Pro (5 + 16). Palo Alto SSL VPN, Gamaredon, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027723 - ET EXPLOIT Possible Palo Alto SSL VPN sslmgr Format String Vulnerability (Inbound) (exploit.rules)
2027724 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
2027725 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
2027726 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
2027727 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)

Pro:

2837574 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-07-18) (current_events.rules)
2837575 - ETPRO TROJAN Win32/CNMiner CnC Checkin (trojan.rules)
2837576 - ETPRO CURRENT_EVENTS Successful Shaw Webmail Phish 2019-07-18 (current_events.rules)
2837577 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-18 (current_events.rules)
2837578 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-18 (current_events.rules)
2837579 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-07-18 (current_events.rules)
2837580 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-18 (current_events.rules)
2837588 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-18 1) (trojan.rules)
2837589 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-18 2) (trojan.rules)
2837590 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-18 3) (trojan.rules)
2837591 - ETPRO CURRENT_EVENTS Successful Global Sources Phish 2019-07-18 (current_events.rules)
2837592 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-18 (current_events.rules)
2837593 - ETPRO CURRENT_EVENTS Successful IRS Phish 2019-07-18 (current_events.rules)
2837594 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-07-18 (current_events.rules)
2837595 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-07-18 (current_events.rules)
2837596 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-07-18 (current_events.rules)

[---]         Disabled rules:        [---]

2828060 - ETPRO TROJAN W32/Emotet.v4 Checkin Fake 404 Payload Response (trojan.rules)

Date: Wednesday, July 17, 2019 - 22:00