[***]            Summary:            [***]

5 new Open, 18 new Pro (5 + 13). Skygofree, Win32.Drun, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025222 - ET EXPLOIT Generic ADSL Router DNS Change Request (exploit.rules)
2025223 - ET EXPLOIT Possible Belkin N600DB Wireless Router Request Forgery Attempt (exploit.rules)
2025224 - ET TROJAN Unknown EXE Dropped by 2017-11882 RTF (trojan.rules)
2025225 - ET TROJAN Win32.Drun Checkin (trojan.rules)
2025226 - ET CURRENT_EVENTS Microsoft Questionnaire Phishing Landing 2018-01-19 (current_events.rules)

Pro:

2829352 - ETPRO INFO Observed Dynamic DNS Domain (*.anondns .net in DNS Lookup) (info.rules)
2829353 - ETPRO CURRENT_EVENTS Successful ATT Phish 2018-01-19 (current_events.rules)
2829354 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/Kryptik.GYM) (trojan.rules)
2829355 - ETPRO TROJAN Skygofree CnC Beacon (trojan.rules)
2829356 - ETPRO INFO Observed Dynamic DNS Domain (*.linkpc .net) (info.rules)
2829357 - ETPRO CURRENT_EVENTS Successful Made In China Phish 2018-01-19 (current_events.rules)
2829358 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 1) (trojan.rules)
2829359 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 2) (trojan.rules)
2829360 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 3) (trojan.rules)
2829361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 4) (trojan.rules)
2829362 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 5) (trojan.rules)
2829363 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 6) (trojan.rules)
2829364 - ETPRO TROJAN Observed Malicious SSL Cert (Agent Tesla CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2024436 - ET TROJAN Formbook 0.3 Checkin (trojan.rules)
2821014 - ETPRO WEB_CLIENT suspicious .CAB containing single executable file inbound (observed in maldoc campaign) (web_client.rules)
2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)

Date:
Summary title:
5 new Open, 18 new Pro (5 + 13). Skygofree, Win32.Drun, Various Mobile, Various Phishing.