[***]            Summary:            [***]

8 new Open, 26 new Pro (8 + 18). Houdini/H-Worm, Win32/Blacknix, Various Phishing.

Thanks @James_inthe_box

[+++]          Added rules:          [+++]

Open:

2027728 - ET TROJAN Win32/Ketrican CnC Activity (trojan.rules)
2027729 - ET TROJAN Windigo SSH Connection Received (Ebury < 1.7.0) (trojan.rules)
2027730 - ET TROJAN Windigo SSH Connection Received (Ebury > 1.7.0) (trojan.rules)
2027731 - ET TROJAN Win32/Blacknix CnC Checkin (trojan.rules)
2027732 - ET TROJAN Win32/Blacknix CnC Heartbeat (trojan.rules)
2027733 - ET POLICY Disposable Email Provider Domain in DNS Lookup (www .yopmail .com) (policy.rules)
2027734 - ET TROJAN Proyecto RAT Variant - Yopmail Login attempt (set) (trojan.rules)
2027735 - ET TROJAN Proyecto RAT Variant - Yopmail Stage 2 CnC Retrieval (trojan.rules)

Pro:

2837597 - ETPRO TROJAN Win32/Dunihi/Houdini/H-Worm Variant Checkin (trojan.rules)
2837598 - ETPRO TROJAN Win32/Dunihi/Houdini/H-Worm Config Inbound (trojan.rules)
2837599 - ETPRO TROJAN Win32/Dunihi/Houdini/H-Worm Miner Activity (trojan.rules)
2837600 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2837601 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-07-19) (current_events.rules)
2837602 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2019-07-19 (current_events.rules)
2837603 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-19 1) (trojan.rules)
2837604 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-19 2) (trojan.rules)
2837605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-19 3) (trojan.rules)
2837606 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-07-19 (current_events.rules)
2837607 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-19 (current_events.rules)
2837608 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-19 (current_events.rules)
2837609 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-19 (current_events.rules)
2837610 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-07-19 (current_events.rules)
2837611 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-07-19 (current_events.rules)
2837612 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-19 (current_events.rules)
2837613 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-19 (current_events.rules)
2837614 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2019-07-19 (current_events.rules)

[///]     Modified active rules:     [///]

2017994 - ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm Checkin UA (trojan.rules)

[---]  Disabled and modified rules:  [---]

2837196 - ETPRO MOBILE_MALWARE Android/Hiddad.FCD Checkin 2 (mobile_malware.rules)

Date: Thursday, July 18, 2019 - 22:00