Daily Ruleset Update Summary 2018/02/23

[***]            Summary:            [***]

5 new Open, 11 new Pro (5 + 6). Loki, Mirai/OMG, Various Phishing.

Try the new feedback tool: https://feedback.emergingthreats.net/feedback

Thanks: Andy Jackman

[+++]          Added rules:          [+++]

Open:

2025381 - ET TROJAN Loki Bot Checkin (trojan.rules)
2025382 - ET TROJAN Known Malicious Redirector in DNS Lookup (vip.rm028 .cn) (trojan.rules)
2025383 - ET TROJAN Known Malicious Redirector in DNS Lookup (by007 .cn) (trojan.rules)
2025384 - ET TROJAN Mirai/OMG Proxy Variant CnC in DNS Lookup (ccnew.mm .my) (trojan.rules)
2025385 - ET TROJAN Mirai/OMG Proxy Variant CnC in DNS Lookup (rpnew.mm .my) (trojan.rules)

Pro:

2829784 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant CnC) (trojan.rules)
2829785 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant CnC 2) (trojan.rules)
2829786 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-23 1) (trojan.rules)
2829787 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-23 2) (trojan.rules)
2829788 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif/Gozi ISFB) (trojan.rules)
2829789 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-23 3) (trojan.rules)

[///]     Modified active rules:     [///]

2803218 - ETPRO TROJAN W32/UFR_Stealer User-Agent (Trololo) (trojan.rules)
2804324 - ETPRO TROJAN W32/UFR_Stealer sending stolen data via FTP (trojan.rules)

[---]         Removed rules:         [---]

2815070 - ETPRO TROJAN Loki Bot Checkin (trojan.rules)

Date: 
Friday, February 23, 2018 - 00:00