Daily Ruleset Update Summary 2018/02/05

[***]            Summary:            [***]

9 new Open, 25 new Pro (9 + 16). W32/Kimsuky, SunDown EK Payload, Various Mobile, Various Phishing.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2025306 - ET CURRENT_EVENTS Banque Populaire Phishing Landing 2018-02-05 (current_events.rules)
2025307 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-02-05 (current_events.rules)
2025308 - ET CURRENT_EVENTS Possible Generic Antibots Phishing Landing 2018-02-05 (current_events.rules)
2025309 - ET CURRENT_EVENTS Facebook Upgrade Payment Phishing Landing 2018-02-05 (current_events.rules)
2025310 - ET CURRENT_EVENTS Mailbox Upgrade Phishing Landing 2018-02-05 (current_events.rules)
2025311 - ET CURRENT_EVENTS Yahoo Account Verification Phishing Landing 2018-02-05 (current_events.rules)
2025312 - ET CURRENT_EVENTS Google/Adobe Shared Document Phishing Landing 2018-02-05 (current_events.rules)
2025313 - ET CURRENT_EVENTS Orange Phishing Landing 2018-02-05 (FR) (current_events.rules)
2025314 - ET POLICY Vulnerable Java Version 9.0.x Detected (policy.rules)

Pro:

2829546 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 275 (mobile_malware.rules)
2829547 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 276 (mobile_malware.rules)
2829548 - ETPRO TROJAN W32/Kimsuky Sending Encrypted System Information to CnC (trojan.rules)
2829549 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-05 1) (trojan.rules)
2829550 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-05 2) (trojan.rules)
2829551 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-05 3) (trojan.rules)
2829552 - ETPRO TROJAN W32/Kimsuky Requesting Stage 2 Payload (trojan.rules)
2829553 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-05 4) (trojan.rules)
2829554 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-05 5) (trojan.rules)
2829555 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-05 6) (trojan.rules)
2829556 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-05 7) (trojan.rules)
2829557 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-05 8) (trojan.rules)
2829558 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-05 9) (trojan.rules)
2829559 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-05 10) (trojan.rules)
2829560 - ETPRO CURRENT_EVENTS SunDown EK Payload 2018-02-05 (current_events.rules)
2829561 - ETPRO TROJAN SSL/TLS Certificate Observed (Sundown EK) (trojan.rules)

[///]     Modified active rules:     [///]

2011581 - ET POLICY Vulnerable Java Version 1.5.x Detected (policy.rules)
2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
2011584 - ET POLICY Vulnerable Java Version 1.4.x Detected (policy.rules)
2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2023681 - ET MOBILE_MALWARE Android Fancy Bear Checkin 2 (mobile_malware.rules)
2025152 - ET TROJAN [PTsecurity] DorkBot.Downloader CnC Response (trojan.rules)
2025153 - ET TROJAN [PTsecurity] DorkBot.Downloader CnC Beacon (trojan.rules)
2025184 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (POC Based) (web_client.rules)
2025185 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (web_client.rules)
2025188 - ET WEB_CLIENT Spectre Exploit Javascript (web_client.rules)
2025195 - ET EXPLOIT Possible MeltDown PoC Download In Progress (exploit.rules)
2025196 - ET EXPLOIT Possible Spectre PoC Download In Progress (exploit.rules)
2025305 - ET TROJAN [Flashpoint] Possible CVE-2018-4878 Check-in (trojan.rules)
2829545 - ETPRO EXPLOIT Adobe Flash Use After Free (CVE-2018-4878) (exploit.rules)

[---]         Removed rules:         [---]

2801695 - ETPRO SCADA_SPECIAL DNP3 Non-DNP3 Communication on a DNP3 Port (scada_special.rules)
2829533 - ETPRO EXPLOIT Adobe Flash Request Retrieving XOR Key (associated with CVE-2018-4878) (exploit.rules)

Date: Monday, February 5, 2018 - 00:00