[***] Summary: [***]
5 new Open, 11 new Pro (5 + 6). Loki, Mirai/OMG, Various Phishing.
Try the new feedback tool: https://feedback.emergingthreats.net/feedback
Thanks: Andy Jackman
[+++] Added rules: [+++]
Open:
2025381 - ET TROJAN Loki Bot Checkin (trojan.rules)
2025382 - ET TROJAN Known Malicious Redirector in DNS Lookup (vip.rm028 .cn) (trojan.rules)
2025383 - ET TROJAN Known Malicious Redirector in DNS Lookup (by007 .cn) (trojan.rules)
2025384 - ET TROJAN Mirai/OMG Proxy Variant CnC in DNS Lookup (ccnew.mm .my) (trojan.rules)
2025385 - ET TROJAN Mirai/OMG Proxy Variant CnC in DNS Lookup (rpnew.mm .my) (trojan.rules)
Pro:
2829784 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant CnC) (trojan.rules)
2829785 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant CnC 2) (trojan.rules)
2829786 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-23 1) (trojan.rules)
2829787 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-23 2) (trojan.rules)
2829788 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif/Gozi ISFB) (trojan.rules)
2829789 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-23 3) (trojan.rules)
[///] Modified active rules: [///]
2803218 - ETPRO TROJAN W32/UFR_Stealer User-Agent (Trololo) (trojan.rules)
2804324 - ETPRO TROJAN W32/UFR_Stealer sending stolen data via FTP (trojan.rules)
[---] Removed rules: [---]
2815070 - ETPRO TROJAN Loki Bot Checkin (trojan.rules)