[***]            Summary:            [***]

3 new Open, 42 new Pro (3 + 39). Phorpiex, Win32/APosT.egz, MalDoc Downloaders, Various Mobile, Various Phishing.

Thanks: @travisbgreen

[+++]          Added rules:          [+++]

Open:

2027754 - ET TROJAN LooCipher Ransomware Onion Domain (trojan.rules)
2027755 - ET USER_AGENTS Suspicious UA Observed (Quick Macros) (user_agents.rules)
2027756 - ET TROJAN Phorpiex CnC Domain in DNS Lookup (trojan.rules)

Pro:

2837648 - ETPRO MOBILE_MALWARE Android/SmsSpy.BR!tr Contact Exfil via SMTP (mobile_malware.rules)
2837649 - ETPRO MOBILE_MALWARE Andr/SMSSpy-DY Contact Exfil via SMTP (mobile_malware.rules)
2837650 - ETPRO MOBILE_MALWARE AndroidOS/SmsSpy.AH Contact Exfil via SMTP 2 (mobile_malware.rules)
2837651 - ETPRO MOBILE_MALWARE Android.Styricka.GEN6212 Contact Exfil via SMTP (mobile_malware.rules)
2837652 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-07-24) (current_events.rules)
2837664 - ETPRO TROJAN Win32/APosT.egz CnC Activity (trojan.rules)
2837665 - ETPRO TROJAN Win32/Remcos RAT Checkin 112 (trojan.rules)
2837666 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-24 1) (trojan.rules)
2837667 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-24 2) (trojan.rules)
2837668 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-07-24 (current_events.rules)
2837669 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-07-24 (current_events.rules)
2837670 - ETPRO CURRENT_EVENTS Successful TalkTalk Mail Phish 2019-07-24 (current_events.rules)
2837671 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-07-24 (current_events.rules)
2837672 - ETPRO CURRENT_EVENTS Successful Generic Mail Error Report Phish 2019-07-24 (current_events.rules)
2837673 - ETPRO CURRENT_EVENTS Successful Wells Fargon Phish 2019-07-24 (current_events.rules)
2837674 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-24 (current_events.rules)
2837675 - ETPRO CURRENT_EVENTS Successful LCL Banque et Assurance Phish 2019-07-24 (current_events.rules)
2837676 - ETPRO CURRENT_EVENTS Successful Deutsche Bank Phish 2019-07-24 (current_events.rules)
2837677 - ETPRO TROJAN Phorpiex RC4 Encrypted Payload Inbound via HTTP (trojan.rules)
2837678 - ETPRO MALWARE Win32/Downloader.Soft32 Checkin (malware.rules)
2837679 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837680 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837681 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837682 - ETPRO CURRENT_EVENTS MalDoc Downloader - Multiple Hex Encoded Unescape Commands from Pastebin M2 (current_events.rules)
2837683 - ETPRO CURRENT_EVENTS MalDoc Downloader - Multiple Hex Encoded Unescape Commands from Pastebin M1 (current_events.rules)
2837684 - ETPRO TROJAN Win32/Injector.EAHK Activity - Pastebin Data Request (trojan.rules)
2837685 - ETPRO CURRENT_EVENTS Base64 Encoded Paste .ee url in Pastebin (current_events.rules)
2837686 - ETPRO MALWARE Win32/Adware.Zzinfor.U Retrieving Payload Details (malware.rules)

[///]     Modified active rules:     [///]

2026851 - ET TROJAN TeamBot CnC Activity (trojan.rules)
2837003 - ETPRO TROJAN MSIL/Kryptik.RKI Stealer Variant Requesting File Types (trojan.rules)
2837057 - ETPRO TROJAN Win32/Tiggre!rfn Checkin (trojan.rules)
2837548 - ETPRO TROJAN Win32/Remcos RAT Checkin 111 (trojan.rules)

Date: 
Tuesday, July 23, 2019 - 22:00