[***] Summary: [***]
5 new Open, 22 new Pro (5 + 17). Win32/QwertMiner, MSIL/XanaduMiner, Emrethob CnC, Various Phishing.
Thanks: @MalwrHunterTeam
[+++] Added rules: [+++]
Open:
2025242 - ET CURRENT_EVENTS Blocked Incoming Emails Phishing Landing 2018-01-23 (current_events.rules)
2025243 - ET CURRENT_EVENTS ABSA Online Phishing Landing 2018-01-23 (current_events.rules)
2025244 - ET CURRENT_EVENTS AT&T Phishing Landing 2018-01-23 (current_events.rules)
2025245 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-01-23 (current_events.rules)
2025246 - ET CURRENT_EVENTS LCL Banque et Assurance (FR) Phishing Landing 2018-01-23 (current_events.rules)
Pro:
2829377 - ETPRO TROJAN Samsam Payment Domain Observed (jcmi5n4c3mvgtyt5 in DNS Lookup) (trojan.rules)
2829378 - ETPRO TROJAN Win32/QwertMiner CnC Checkin (trojan.rules)
2829379 - ETPRO TROJAN MSIL/XanaduMiner CnC Checkin (trojan.rules)
2829381 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2018-01-23 (current_events.rules)
2829382 - ETPRO TROJAN CrimeScene IRC Bot Checkin (trojan.rules)
2829383 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc Payload 2018-01-23) (current_events.rules)
2829384 - ETPRO EXPLOIT Possible CVE-2017-11882 MS Equation 3.0 OLE Component Buffer Overflow Attempt M1 (exploit.rules)
2829385 - ETPRO EXPLOIT Possible CVE-2017-11882 MS Equation 3.0 OLE Component Buffer Overflow Attempt M2 (exploit.rules)
2829386 - ETPRO EXPLOIT Possible CVE-2017-11882 MS Equation 3.0 OLE Component Buffer Overflow Attempt M3 (exploit.rules)
2829387 - ETPRO EXPLOIT Possible CVE-2017-11882 MS Equation 3.0 OLE Component Buffer Overflow Attempt M4 (exploit.rules)
2829388 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-23 1) (trojan.rules)
2829389 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-23 2) (trojan.rules)
2829390 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-23 3) (trojan.rules)
2829391 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-23 4) (trojan.rules)
2829392 - ETPRO CURRENT_EVENTS Successful Oracle/PeopleSoft Phish 2018-01-23 (current_events.rules)
2829393 - ETPRO TROJAN Emrethob CnC Check-in (trojan.rules)
2829394 - ETPRO TROJAN Emrethob CnC Heartbeat (trojan.rules)
[///] Modified active rules: [///]
2828914 - ETPRO TROJAN MSIL/Hon.DoS.Tool CnC Checkin (trojan.rules)
2829231 - ETPRO TROJAN Win32/Smominru Coinminer Checkin (trojan.rules)