[***]            Summary:            [***]

7 new Open, 27 new Pro (20 + 7). Nemty Ransomware, Alpha Stealer, Coinminers, Various PHISHING

[+++]          Added rules:          [+++]

Open:

2027913 - ET TROJAN Win32/Nemty Ransomware Style Geo IP Check M1 (trojan.rules)
2027914 - ET TROJAN Win32/Nemty Ransomware Style Geo IP Check M2 (trojan.rules)
2027915 - ET POLICY External Geo IP Lookup (api .db-ip .com) (policy.rules)
2027916 - ET USER_AGENTS Observed Suspicious UA (Chrome) (user_agents.rules)
2027917 - ET TROJAN Win32/Alpha Stealer v1.5 PWS Exfil via HTTP (trojan.rules)
2027918 - ET POLICY Quad9 DNS Over TLS Certificate Inbound (policy.rules)
2027919 - ET POLICY Observed External IP Lookup Domain (ipconfig .cf in TLS SNI) (policy.rules)

Pro:

2838173 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-26) (current_events.rules)
2838174 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-26 2) (current_events.rules)
2838175 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-08-26 (current_events.rules)
2838176 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-26 (current_events.rules)
2838177 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-26 (current_events.rules)
2838178 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2019-08-26 (current_events.rules)
2838179 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-26 (current_events.rules)
2838180 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-08-26 (current_events.rules)
2838181 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-08-26 (current_events.rules)
2838182 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-08-26 (current_events.rules)
2838183 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-08-26 (current_events.rules)
2838184 - ETPRO CURRENT_EVENTS Successful SF Express CN Phish 2019-08-26 (current_events.rules)
2838185 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (36281) (current_events.rules)
2838187 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 1) (trojan.rules)
2838188 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 2) (trojan.rules)
2838189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 3) (trojan.rules)
2838190 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 4) (trojan.rules)
2838191 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 5) (trojan.rules)
2838192 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-26 6) (trojan.rules)
2838193 - ETPRO TROJAN Win32/Remcos RAT Checkin 137 (trojan.rules)

Date: Sunday, August 25, 2019 - 22:00