[***] Summary: [***]
5 new Open, 18 new Pro (5 + 13). Skygofree, Win32.Drun, Various Mobile, Various Phishing.
[+++] Added rules: [+++]
Open:
2025222 - ET EXPLOIT Generic ADSL Router DNS Change Request (exploit.rules)
2025223 - ET EXPLOIT Possible Belkin N600DB Wireless Router Request Forgery Attempt (exploit.rules)
2025224 - ET TROJAN Unknown EXE Dropped by 2017-11882 RTF (trojan.rules)
2025225 - ET TROJAN Win32.Drun Checkin (trojan.rules)
2025226 - ET CURRENT_EVENTS Microsoft Questionnaire Phishing Landing 2018-01-19 (current_events.rules)
Pro:
2829352 - ETPRO INFO Observed Dynamic DNS Domain (*.anondns .net in DNS Lookup) (info.rules)
2829353 - ETPRO CURRENT_EVENTS Successful ATT Phish 2018-01-19 (current_events.rules)
2829354 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/Kryptik.GYM) (trojan.rules)
2829355 - ETPRO TROJAN Skygofree CnC Beacon (trojan.rules)
2829356 - ETPRO INFO Observed Dynamic DNS Domain (*.linkpc .net) (info.rules)
2829357 - ETPRO CURRENT_EVENTS Successful Made In China Phish 2018-01-19 (current_events.rules)
2829358 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 1) (trojan.rules)
2829359 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 2) (trojan.rules)
2829360 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 3) (trojan.rules)
2829361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 4) (trojan.rules)
2829362 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 5) (trojan.rules)
2829363 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-19 6) (trojan.rules)
2829364 - ETPRO TROJAN Observed Malicious SSL Cert (Agent Tesla CnC) (trojan.rules)
[///] Modified active rules: [///]
2024436 - ET TROJAN Formbook 0.3 Checkin (trojan.rules)
2821014 - ETPRO WEB_CLIENT suspicious .CAB containing single executable file inbound (observed in maldoc campaign) (web_client.rules)
2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)