[***]            Summary:            [***]

13 new Open, 27 new Pro (13 + 14). ShellTea, BADHATCH, Win32/F1 Loader, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027741 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027742 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027743 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027744 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027745 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027746 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027747 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027748 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027749 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027750 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027751 - ET TROJAN [GIGAMON_ATR] FIN8 BADHATCH Remote Shell Banner (trojan.rules)
2027752 - ET TROJAN [GIGAMON_ATR] FIN8 BADHATCH CnC Checkin (trojan.rules)
2027753 - ET TROJAN Observed Malicious SSL Cert (Various CnC) (trojan.rules)

Pro:

2837634 - ETPRO TROJAN Win32/F1 Loader CnC Checkin (trojan.rules)
2837635 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-23 (current_events.rules)
2837636 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-23 (current_events.rules)
2837637 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-07-23 (current_events.rules)
2837638 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-23 (current_events.rules)
2837639 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-07-23 (current_events.rules)
2837640 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-07-23 (current_events.rules)
2837641 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-23 1) (trojan.rules)
2837642 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-23 2) (trojan.rules)
2837643 - ETPRO TROJAN Worm.AutoIt/Renocide.gen!A Config Inbound (trojan.rules)
2837644 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837645 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837646 - ETPRO EXPLOIT Possible NOP Sled on RDP Port (exploit.rules)
2837647 - ETPRO POLICY HTTP Request to External IP Lookup Domain (ip1 .dynupdate .no-ip .com) (policy.rules)

[///]     Modified active rules:     [///]

2837617 - ETPRO TROJAN Likely Hostile DNS Query for Hex Encoded IP Address as Domain Name (trojan.rules)
2837632 - ETPRO USER_AGENTS Win32/MegaSearch Adware Related UA (user_agents.rules)

Date: Monday, July 22, 2019 - 22:00