[***]            Summary:            [***]

7 new Open, 23 new Pro (7 + 16). Tunna, Win32/Unk.Ursnif, Win32/Absent, Win32/Agent Tesla, and Win32/Remcos.

[+++]          Added rules:          [+++]

Open:

2028571 - ET USER_AGENTS Observed Suspicious UA (Absent) (user_agents.rules)
2028572 - ET TROJAN Suspected Tunna Proxy M1 (trojan.rules)
2028573 - ET TROJAN Suspected Tunna Proxy M2 (trojan.rules)
2028574 - ET TROJAN Suspected Tunna Proxy M3 (trojan.rules)
2028575 - ET TROJAN Suspected Tunna Proxy M4 (trojan.rules)
2028576 - ET TROJAN Possible Tunna Proxy Activity (Response) (trojan.rules)
2028577 - ET TROJAN Possible Tunna Proxy Closing Connection (trojan.rules)

Pro:

2838432 - ETPRO TROJAN Win32/Absent Loader CnC Checkin (trojan.rules)
2838433 - ETPRO CURRENT_EVENTS Win32/Unk.Ursnif Loader CnC Retrieving Modules 2019-09-12 (current_events.rules)
2838434 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-12) (current_events.rules)
2838435 - ETPRO POLICY Observed DNS Query to DynDNS Domain(myddns .rocks) (policy.rules)
2838436 - ETPRO TROJAN Win32/Agent Tesla SMTP Keystroke Exfil (trojan.rules)
2838437 - ETPRO CURRENT_EVENTS Win32/Unk.Trick Loader Requesting Payload 2019-09-12 (current_events.rules)
2838438 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC) (trojan.rules)
2838439 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC) (trojan.rules)
2838440 - ETPRO TROJAN Win32/Azden.A!cl CnC Checkin (trojan.rules)
2838441 - ETPRO TROJAN Obfuscated Base64 MZ masquerading as MP3 (trojan.rules)
2838442 - ETPRO TROJAN Win32/Filecoder.STOP Variant Request for Public Key (trojan.rules)
2838443 - ETPRO TROJAN Win32/Filecoder.STOP Variant Public Key Download (trojan.rules)
2838444 - ETPRO TROJAN Win32/Remcos RAT Checkin 158 (trojan.rules)
2838445 - ETPRO TROJAN Win32/Remcos RAT Checkin 159 (trojan.rules)
2838446 - ETPRO TROJAN Win32/Remcos RAT Checkin 160 (trojan.rules)
2838447 - ETPRO TROJAN Win32/Remcos RAT Checkin 161 (trojan.rules)

[---]         Removed rules:         [---]

2837010 - ETPRO TROJAN Oilrig Payload CnC Checkin (trojan.rules)

Date: Wednesday, September 11, 2019 - 22:00