[***] Summary: [***]
3 new Open, 19 new Pro (3 + 16). Memcached DDoS, Cannibal RAT, Various Mobile.
Try the new feedback tool: https://feedback.emergingthreats.net/feedback
Thanks: @AttackDetection
[+++] Added rules: [+++]
Open:
2025401 - ET DOS Possible Memcached DDoS Amplification Query (set) (dos.rules)
2025402 - ET DOS Possible Memcached DDoS Amplification Response Outbound (dos.rules)
2025403 - ET DOS Possible Memcached DDoS Amplification Inbound (dos.rules)
Pro:
2829849 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Egat.d Checkin (mobile_malware.rules)
2829850 - ETPRO TROJAN Py/Cannibal RAT Checkin M1 (trojan.rules)
2829851 - ETPRO TROJAN Win32/Flawed Grace Backdoor CnC Checkin (trojan.rules)
2829852 - ETPRO TROJAN Py/Cannibal RAT Checkin M2 (trojan.rules)
2829853 - ETPRO TROJAN Py/Cannibal RAT Checkin M3 (trojan.rules)
2829854 - ETPRO TROJAN Observed Malicious SSL Cert (Unk Downloader) (trojan.rules)
2829855 - ETPRO INFO Free Hosting Domain (*.neocities .org in DNS Lookup) (info.rules)
2829856 - ETPRO INFO Observed SSL Cert to Free Hosting Domain (*.neocities .org) (info.rules)
2829857 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.qi CnC Beacon (mobile_malware.rules)
2829858 - ETPRO TROJAN Smoke/Sharik HTTP 404 Containing EXE (2) (trojan.rules)
2829859 - ETPRO TROJAN Lazarus CVE-2018-4878 Retrieving Payload SSL Cert (trojan.rules)
2829860 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-01 1) (trojan.rules)
2829861 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-01 2) (trojan.rules)
2829862 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-01 3) (trojan.rules)
2829863 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-01 4) (trojan.rules)
2829864 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-01 5) (trojan.rules)
[///] Modified active rules: [///]
2829836 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (NEE2dllBajF5VWZVa...) (trojan.rules)