[***]            Summary:            [***]

3 new Open, 19 new Pro (3 + 16). Memcached DDoS, Cannibal RAT, Various Mobile.

Try the new feedback tool: https://feedback.emergingthreats.net/feedback

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2025401 - ET DOS Possible Memcached DDoS Amplification Query (set) (dos.rules)
2025402 - ET DOS Possible Memcached DDoS Amplification Response Outbound (dos.rules)
2025403 - ET DOS Possible Memcached DDoS Amplification Inbound (dos.rules)

Pro:

2829849 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Egat.d Checkin (mobile_malware.rules)
2829850 - ETPRO TROJAN Py/Cannibal RAT Checkin M1 (trojan.rules)
2829851 - ETPRO TROJAN Win32/Flawed Grace Backdoor CnC Checkin (trojan.rules)
2829852 - ETPRO TROJAN Py/Cannibal RAT Checkin M2 (trojan.rules)
2829853 - ETPRO TROJAN Py/Cannibal RAT Checkin M3 (trojan.rules)
2829854 - ETPRO TROJAN Observed Malicious SSL Cert (Unk Downloader) (trojan.rules)
2829855 - ETPRO INFO Free Hosting Domain (*.neocities .org in DNS Lookup) (info.rules)
2829856 - ETPRO INFO Observed SSL Cert to Free Hosting Domain (*.neocities .org) (info.rules)
2829857 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.qi CnC Beacon (mobile_malware.rules)
2829858 - ETPRO TROJAN Smoke/Sharik HTTP 404 Containing EXE (2) (trojan.rules)
2829859 - ETPRO TROJAN Lazarus CVE-2018-4878 Retrieving Payload SSL Cert (trojan.rules)
2829860 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-01 1) (trojan.rules)
2829861 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-01 2) (trojan.rules)
2829862 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-01 3) (trojan.rules)
2829863 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-01 4) (trojan.rules)
2829864 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-01 5) (trojan.rules)

[///]     Modified active rules:     [///]

2829836 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (NEE2dllBajF5VWZVa...) (trojan.rules)

Date: 
Thursday, March 1, 2018 - 00:00