Daily Ruleset Update Summary 2018/01/25

[***]            Summary:            [***]

5 new Open, 24 new Pro (5 + 19). ELF/TooEasy, W32.Sverki, MSIL/Plumb3rMiner, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025247 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-01-25 (current_events.rules)
2025248 - ET CURRENT_EVENTS Generic Multi-Email Popupwnd Phishing Landing 2018-01-25 (current_events.rules)
2025249 - ET CURRENT_EVENTS Generic Multi-Email Phishing Landing 2018-01-25 (current_events.rules)
2025250 - ET CURRENT_EVENTS Office 365 Phishing Landing 2018-01-25 (current_events.rules)
2025251 - ET TROJAN ELF/TooEasy Miner CnC Checkin (trojan.rules)

Pro:

2829430 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2018-01-25 (current_events.rules)
2829431 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-01-25 (current_events.rules)
2829432 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-25 M1 (current_events.rules)
2829433 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-25 M2 (current_events.rules)
2829434 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.O CnC Beacon (mobile_malware.rules)
2829435 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-01-25 (current_events.rules)
2829436 - ETPRO TROJAN W32.Sverki Domain Observed (teredo-update .com in DNS Lookup) (trojan.rules)
2829437 - ETPRO TROJAN W32.Sverki Domain Observed (teredo-update .com in TLS SNI) (trojan.rules)
2829438 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 26 (mobile_malware.rules)
2829439 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-25 1) (trojan.rules)
2829440 - ETPRO TROJAN Andariel Andarat CnC Beacon (trojan.rules)
2829441 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-25 2) (trojan.rules)
2829442 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij SMS/Contact Exfil via SMTP (mobile_malware.rules)
2829443 - ETPRO TROJAN MSIL/Plumb3rMiner CnC Checkin (trojan.rules)
2829444 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-25 (current_events.rules)
2829445 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc Payload 2018-01-25) (current_events.rules)
2829446 - ETPRO CURRENT_EVENTS Receive Secure Cloud Files Phishing Landing 2017-12-12 (current_events.rules)
2829447 - ETPRO CURRENT_EVENTS Successful Banque Populaire (FR) Phish 2018-01-25 M1 (current_events.rules)
2829448 - ETPRO CURRENT_EVENTS Successful Banque Populaire (FR) Phish 2018-01-25 M2 (current_events.rules)

[///]     Modified active rules:     [///]

2827642 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Aug 24 2017 (current_events.rules)
2828790 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.gen CnC Beacon (mobile_malware.rules)
2828810 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 250 (mobile_malware.rules)
2828811 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 251 (mobile_malware.rules)
2828812 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 252 (mobile_malware.rules)
2828841 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 253 (mobile_malware.rules)
2828856 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 254 (mobile_malware.rules)
2828875 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin 2 (mobile_malware.rules)
2828883 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 255 (mobile_malware.rules)
2828893 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i Checkin (mobile_malware.rules)
2828894 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i CnC Beacon (mobile_malware.rules)
2828959 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 256 (mobile_malware.rules)
2828967 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 257 (mobile_malware.rules)
2828988 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 258 (mobile_malware.rules)
2829302 - ETPRO CURRENT_EVENTS Successful Optus Webmail Phish 2018-01-16 (current_events.rules)
2829338 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin (mobile_malware.rules)
2829339 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin 2 (mobile_malware.rules)
2829340 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin 3 (mobile_malware.rules)

[---]  Disabled and modified rules:  [---]

2023873 - ET POLICY DNS Query to Hamas Terrorist Propaganda TV Channel (aqsatv .ps) (policy.rules)

[---]         Removed rules:         [---]

2012401 - ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby Download Secondary Request (current_events.rules)
2013077 - ET CURRENT_EVENTS Blackhole Exploit Pack HCP overflow Media Player lt 10 (current_events.rules)
2013313 - ET TROJAN Obfuscated Javascript Often Used in the Blackhole Exploit Kit 3 (trojan.rules)
2013548 - ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit (current_events.rules)
2013549 - ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit 2 (current_events.rules)
2013550 - ET TROJAN Potential Blackhole Exploit Pack Binary Load Request 2 (trojan.rules)
2013553 - ET CURRENT_EVENTS Blackhole landing page with malicious Java applet (current_events.rules)
2013554 - ET CURRENT_EVENTS Blackhole MapYandex.class malicious jar (current_events.rules)
2013652 - ET CURRENT_EVENTS Blackhole Exploit Kit Landing Reporting Successful Java Compromise (current_events.rules)
2013664 - ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?b Download Secondary Request (current_events.rules)
2013665 - ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?n Download Secondary Request (current_events.rules)
2013666 - ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?page Download Secondary Request (current_events.rules)
2013700 - ET CURRENT_EVENTS Blackhole landing page with malicious Java applet (current_events.rules)
2013746 - ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit 3 (current_events.rules)
2013786 - ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 2 (current_events.rules)
2013787 - ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 2 (current_events.rules)
2013788 - ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?doit Download Secondary Request (current_events.rules)
2013950 - ET CURRENT_EVENTS Blackhole obfuscated Javascript padded charcodes 25 (current_events.rules)
2013960 - ET CURRENT_EVENTS Blackhole Exploit Kit Delivering PDF Exploit to Client (current_events.rules)
2013972 - ET CURRENT_EVENTS Initial Blackhole Landing Loading... Wait Please (current_events.rules)
2013990 - ET CURRENT_EVENTS Blackhole Exploit Kit hostile PDF qwe123 (current_events.rules)
2013991 - ET CURRENT_EVENTS Blackhole hostile PDF v1 (current_events.rules)
2013992 - ET CURRENT_EVENTS Blackhole hostile PDF v2 (current_events.rules)
2014035 - ET CURRENT_EVENTS DRIVEBY Blackhole PDF Exploit Request /fdp2.php (current_events.rules)
2014048 - ET CURRENT_EVENTS Blackhole Exploit Kit Java Rhino Script Engine Remote Code Execution Attempt (current_events.rules)
2014053 - ET CURRENT_EVENTS Blackhole Likely Flash exploit download request score.swf (current_events.rules)
2014094 - ET CURRENT_EVENTS Blackhole-like Java Exploit request to .jar?t= (current_events.rules)
2014125 - ET CURRENT_EVENTS DRIVEBY Blackhole - Help and Control Panel Exploit Request (current_events.rules)
2014126 - ET CURRENT_EVENTS DRIVEBY Blackhole Likely Flash Exploit Request /field.swf (current_events.rules)
2014157 - ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 4 (current_events.rules)
2014158 - ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 4 (current_events.rules)
2014195 - ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 5 (current_events.rules)
2014235 - ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - info.exe (current_events.rules)
2014236 - ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - contacts.exe (current_events.rules)
2014237 - ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - calc.exe (current_events.rules)
2014238 - ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - about.exe (current_events.rules)
2014274 - ET CURRENT_EVENTS Blackhole Tax Landing Page with JavaScript Attack (current_events.rules)
2014279 - ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 6 (current_events.rules)
2014280 - ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 6 (current_events.rules)
2014281 - ET CURRENT_EVENTS Blackhole Java Applet with Obfuscated URL 2 (current_events.rules)
2014282 - ET CURRENT_EVENTS Blackhole Download Secondary Request ?pagpag (current_events.rules)
2014284 - ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit 4 (current_events.rules)
2014298 - ET CURRENT_EVENTS Blackhole obfuscated Javascript 171 charcodes >= 48 (current_events.rules)
2014301 - ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - readme.exe (current_events.rules)
2014346 - ET CURRENT_EVENTS INBOUND Blackhole Java Exploit request similar to /content/jav.jar (current_events.rules)
2014368 - ET CURRENT_EVENTS Blackhole qwe123 PDF (current_events.rules)
2014378 - ET CURRENT_EVENTS Blackhole/Cutwail Redirection Page 1 (current_events.rules)
2014412 - ET CURRENT_EVENTS DRIVEBY Blackhole client=done Cookie Set (current_events.rules)
2014413 - ET CURRENT_EVENTS DRIVEBY Blackhole client=done Cookie Present (current_events.rules)
2014414 - ET CURRENT_EVENTS DRIVEBY Blackhole Landing Page applet param window.document (current_events.rules)
2014415 - ET CURRENT_EVENTS Blackhole Exploit Kit JavaScript dotted quad hostile applet (current_events.rules)
2014440 - ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - scandsk.exe (current_events.rules)
2014441 - ET CURRENT_EVENTS DRIVEBY Blackhole - Landing Page Requested - /Home/index.php (current_events.rules)
2014442 - ET CURRENT_EVENTS DRIVEBY Blackhole - Landing Page Requested - *.php?*=16HexCharacters in http_uri (current_events.rules)
2014444 - ET CURRENT_EVENTS DRIVEBY Blackhole - Page redirecting to driveby (current_events.rules)
2014470 - ET CURRENT_EVENTS Likely Blackhole PDF served from iframe (current_events.rules)
2014537 - ET CURRENT_EVENTS Initial Blackhole Landing .prototype.q catch with split (current_events.rules)
2014538 - ET CURRENT_EVENTS Initial Blackhole Landing Loading... Please Wait (current_events.rules)
2014540 - ET CURRENT_EVENTS Blackhole Landing for Loading prototype catch (current_events.rules)
2014644 - ET CURRENT_EVENTS Blackhole - Landing Page Recieved - applet PluginDetect and 10hexchar title (current_events.rules)
2014659 - ET CURRENT_EVENTS Blackhole Landing Page Obfuscated Please wait Message (current_events.rules)
2014661 - ET CURRENT_EVENTS Blackhole Landing for prototype catch substr (current_events.rules)
2014664 - ET CURRENT_EVENTS Blackhole - Jar File Naming Algorithm (current_events.rules)
2014666 - ET CURRENT_EVENTS DRIVEBY Blackhole - Injected Page Leading To Driveby (current_events.rules)
2014725 - ET CURRENT_EVENTS Possible Request for Blackhole Exploit Kit Landing Page - src.php?case= (current_events.rules)
2014773 - ET CURRENT_EVENTS Blackhole Landing Page JavaScript Split String Obfuscation of CharCode (current_events.rules)
2014774 - ET CURRENT_EVENTS Blackhole Malicious PDF qweqwe= (current_events.rules)
2014775 - ET CURRENT_EVENTS Blackhole PDF Payload Request (current_events.rules)
2014776 - ET CURRENT_EVENTS Blackhole PDF Payload Request With Double Colon (current_events.rules)
2014801 - ET CURRENT_EVENTS Blackhole Try App.title Catch - May 22nd 2012 (current_events.rules)
2014820 - ET CURRENT_EVENTS Blackhole Landing Page Obfuscated Javascript Blob (current_events.rules)
2014821 - ET CURRENT_EVENTS Blackhole RawValue Specific Exploit PDF (current_events.rules)
2014823 - ET CURRENT_EVENTS Blackhole Malicious PDF asdvsa (current_events.rules)
2014825 - ET CURRENT_EVENTS Blackhole Landing Page Script Profile ASD (current_events.rules)
2014843 - ET TROJAN Blackhole Exploit Kit Request tkr (trojan.rules)
2014858 - ET CURRENT_EVENTS Blackhole Fraudulent Paypal Mailing Server Response June 04 2012 (current_events.rules)
2014873 - ET CURRENT_EVENTS Obfuscated Javascript redirecting to Blackhole June 7 2012 (current_events.rules)
2014885 - ET CURRENT_EVENTS SutraTDS (enema) used in Blackhole campaigns (current_events.rules)
2014888 - ET CURRENT_EVENTS Blackhole Try Prototype Catch June 11 2012 (current_events.rules)
2014907 - ET CURRENT_EVENTS Initial Blackhole Landing - UPS Number Loading.. Jun 15 2012 (current_events.rules)
2014908 - ET CURRENT_EVENTS Initial Blackhole Landing - Verizon Balance Due Jun 15 2012 (current_events.rules)
2014909 - ET CURRENT_EVENTS Blackhole obfuscated Java EXE Download by Vulnerable Version - Likely Driveby (current_events.rules)
2014921 - ET CURRENT_EVENTS Blackhole Landing Try Prototype Catch Jun 18 2012 (current_events.rules)
2014931 - ET CURRENT_EVENTS Blackhole Landing Please wait a moment Jun 20 2012 (current_events.rules)
2014940 - ET CURRENT_EVENTS Blackhole RawValue Exploit PDF (current_events.rules)
2014981 - ET CURRENT_EVENTS Blackhole Exploit Kit Landing Page Try Renamed Prototype Catch - June 28th 2012 (current_events.rules)
2015005 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL 3 (current_events.rules)
2015012 - ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 1 (current_events.rules)
2015013 - ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 2 (current_events.rules)
2015014 - ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 3 (current_events.rules)
2015025 - ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 1 (current_events.rules)
2015026 - ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 2 (current_events.rules)
2015048 - ET CURRENT_EVENTS 09 July 2012 Blackhole Landing Page - Please Wait Loading (current_events.rules)
2015056 - ET CURRENT_EVENTS Blackhole Exploit Kit Landing Page Structure (current_events.rules)
2015475 - ET CURRENT_EVENTS BlackHole TKR Landing Page /last/index.php (current_events.rules)
2015486 - ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (1) (current_events.rules)
2015487 - ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (2) (current_events.rules)
2015488 - ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (3) (current_events.rules)
2015586 - ET CURRENT_EVENTS Blackhole Redirection Page Try Math.Round Catch - 7th August 2012 (current_events.rules)
2015619 - ET CURRENT_EVENTS Blackhole/Cool jnlp URI Struct (current_events.rules)
2015622 - ET CURRENT_EVENTS Blackhole Landing Page Hwehes String - August 13th 2012 (current_events.rules)
2015659 - ET CURRENT_EVENTS Blackhole Admin bhadmin.php access Outbound (current_events.rules)
2015660 - ET CURRENT_EVENTS - Blackhole Admin Login Outbound (current_events.rules)
2015661 - ET CURRENT_EVENTS Blackhole Admin bhadmin.php access Inbound (current_events.rules)
2015662 - ET CURRENT_EVENTS - Blackhole Admin Login Inbound (current_events.rules)
2015670 - ET CURRENT_EVENTS Unknown Exploit Kit suspected Blackhole (current_events.rules)
2015680 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Nov 09 2012 (current_events.rules)
2015700 - ET CURRENT_EVENTS Blackhole2 - URI Structure (current_events.rules)
2015710 - ET CURRENT_EVENTS DRIVEBY Blackhole2 - Landing Page Received (current_events.rules)
2015740 - ET CURRENT_EVENTS MALVERTISING - Redirect To Blackhole - Push JavaScript (current_events.rules)
2015759 - ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (4) (current_events.rules)
2015787 - ET CURRENT_EVENTS Blackhole/Cool eot URI Struct (current_events.rules)
2015796 - ET CURRENT_EVENTS Blackhole/Cool Jar URI Struct (current_events.rules)
2015797 - ET CURRENT_EVENTS Blackhole 2 Landing Page (3) (current_events.rules)
2015798 - ET CURRENT_EVENTS Blackhole/Cool EXE URI Struct (current_events.rules)
2015802 - ET CURRENT_EVENTS Blackhole 2 Landing Page (5) (current_events.rules)
2015803 - ET CURRENT_EVENTS Possible Blackhole/Cool Landing URI Struct (current_events.rules)
2015804 - ET CURRENT_EVENTS BlackHole 2 PDF Exploit (current_events.rules)
2015817 - ET CURRENT_EVENTS Blackhole2 Non-Vulnerable Client Fed Fake Flash Executable (current_events.rules)
2015836 - ET CURRENT_EVENTS Blackhole 2.0 Binary Get Request (current_events.rules)
2015863 - ET CURRENT_EVENTS Blackhole request for file containing Java payload URIs (2) (current_events.rules)
2015871 - ET CURRENT_EVENTS Blackhole request for file containing Java payload URIs (3) (current_events.rules)
2015877 - ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Landing Page URI (current_events.rules)
2015932 - ET CURRENT_EVENTS Blackhole 2 Landing Page (7) (current_events.rules)
2015933 - ET CURRENT_EVENTS Blackhole/Cool txt URI Struct (current_events.rules)
2015978 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Dec 03 2012 (current_events.rules)
2016024 - ET CURRENT_EVENTS Blackhole - TDS Redirection To Exploit Kit - Loading (current_events.rules)
2016166 - ET CURRENT_EVENTS Blackhole Exploit Kit PluginDetect FromCharCode Jan 04 2013 (current_events.rules)
2016229 - ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Jar Download (current_events.rules)
2016242 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Jan 21 2012 (current_events.rules)
2016341 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Feb 04 2012 (current_events.rules)
2016524 - ET CURRENT_EVENTS Blackhole V2 Exploit Kit Landing Page Try Catch Body Specific -  4/3/2013 (current_events.rules)
2016525 - ET CURRENT_EVENTS Blackhole V2 Exploit Kit Landing Page Try Catch Body Style 2 Specific -  4/3/2013 (current_events.rules)
2016526 - ET CURRENT_EVENTS Blackhole V2 Exploit Kit Landing Page Try Catch False Specific -  4/3/2013 (current_events.rules)
2016563 - ET CURRENT_EVENTS Blackhole 16-hex/q.php Landing Page/Java exploit URI (current_events.rules)
2016564 - ET CURRENT_EVENTS Blackhole 16-hex/q.php Jar Download (current_events.rules)
2016722 - ET CURRENT_EVENTS Blackhole 32-hex/ff.php Landing Page/Java exploit URI (current_events.rules)
2016723 - ET CURRENT_EVENTS Blackhole 32-hex/ff.php Jar Download (current_events.rules)
2016724 - ET CURRENT_EVENTS Blackhole 16-hex/ff.php Landing Page/Java exploit URI (current_events.rules)
2016725 - ET CURRENT_EVENTS Blackhole 16-hex/ff.php Jar Download (current_events.rules)
2016729 - ET CURRENT_EVENTS Reversed Applet Observed in Sakura/Blackhole Landing (current_events.rules)
2016755 - ET CURRENT_EVENTS Blackhole 2 Landing Page (9) (current_events.rules)
2016813 - ET CURRENT_EVENTS - Possible BlackHole request with decryption Base  (current_events.rules)
2016848 - ET CURRENT_EVENTS BlackHole Java Exploit Artifact (current_events.rules)
2016931 - ET CURRENT_EVENTS BlackHole EK JNLP request (current_events.rules)
2016971 - ET CURRENT_EVENTS Blackhole 32-hex/a.php Landing Page/Java exploit URI (current_events.rules)
2016972 - ET CURRENT_EVENTS Blackhole 32-hex/a.php Jar Download (current_events.rules)
2016973 - ET CURRENT_EVENTS Blackhole 16-hex/a.php Landing Page/Java exploit URI (current_events.rules)
2016974 - ET CURRENT_EVENTS Blackhole 16-hex/a.php Jar Download (current_events.rules)
2016984 - ET CURRENT_EVENTS BlackHole EK Initial Gate from Linked-In Mailing Campaign (current_events.rules)
2017076 - ET CURRENT_EVENTS BlackHole EK Variant Payload Download (current_events.rules)
2017140 - ET CURRENT_EVENTS Possible Blackhole EK Jar Download URI Struct (current_events.rules)
2017141 - ET CURRENT_EVENTS Blackhole EK Plugin-Detect July 12 2013 (current_events.rules)
2017198 - ET CURRENT_EVENTS Reversed Embedded JNLP Observed in Sakura/Blackhole Landing (current_events.rules)
2017265 - ET CURRENT_EVENTS BlackHole EK Non-standard base64 Key (current_events.rules)
2017340 - ET CURRENT_EVENTS Blackhole Exploit Kit Shrift.php Microsoft OpenType Font Exploit Request (current_events.rules)
2017341 - ET CURRENT_EVENTS Blackhole Exploit Kit Microsoft OpenType Font Exploit (current_events.rules)
2017346 - ET CURRENT_EVENTS Blackhole/Cool obfuscated plugindetect in charcodes w/o sep Jul 10 2013 (current_events.rules)
2017416 - ET CURRENT_EVENTS BlackHole EK Variant PDF Download (current_events.rules)
2017454 - ET CURRENT_EVENTS BlackHole EK Payload Download Sep 11 2013 (current_events.rules)
2017456 - ET CURRENT_EVENTS BlackHole EK Variant PDF Download Sep 11 2013 (current_events.rules)
2017461 - ET CURRENT_EVENTS Blackhole obfuscated base64 decoder Sep 12 2013 (current_events.rules)
2017481 - ET CURRENT_EVENTS BlackHole initial landing/gate (current_events.rules)
2017556 - ET CURRENT_EVENTS BlackHole EK Variant PDF Download (current_events.rules)
2020604 - ET CURRENT_EVENTS Likely Blackhole eval haha (current_events.rules)
2022113 - ET CURRENT_EVENTS BlackHole EK Landing Nov 17 2015 (current_events.rules)
2803166 - ETPRO TROJAN BlackHole.aotp Checkin (trojan.rules)
2803244 - ETPRO TROJAN Backdoor.BlackHole.hfy Checkin (trojan.rules)
2806569 - ETPRO TROJAN Backdoor/Blackhole.bkg Checkin (trojan.rules)

Date: Thursday, January 25, 2018 - 00:00