[***] Summary: [***]
8 new Open, 15 new Pro (8 + 7). Chimay Red RCE, Arkei Stealer, QwertyRAT CnC, Various Phishing.
Thanks: Jake Warren, @AttackDetection, @sniko
[+++] Added rules: [+++]
Open:
2025425 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-03-13 (current_events.rules)
2025426 - ET EXPLOIT MikroTik RouterOS Chimay Red Remote Code Execution Probe (exploit.rules)
2025427 - ET EXPLOIT [PT Security] Exim <4.90.1 Base64 Overflow RCE (CVE-2018-6789) (exploit.rules)
2025428 - ET INFO Possible Sandvine PacketLogic Injection (info.rules)
2025429 - ET TROJAN Arkei Stealer IP Lookup (trojan.rules)
2025430 - ET TROJAN Arkei Stealer Config Download Request (trojan.rules)
2025431 - ET TROJAN Arkei Stealer Client Data Upload (trojan.rules)
2025432 - ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636) (exploit.rules)
Pro:
2829989 - ETPRO TROJAN Win32/Remcos RAT Checkin 9 (trojan.rules)
2829990 - ETPRO TROJAN QwertyRAT CnC Beacon (trojan.rules)
2829991 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2018-03-13 (current_events.rules)
2829992 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-03-13 (current_events.rules)
2829993 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-13 1) (trojan.rules)
2829994 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-13 2) (trojan.rules)
2829995 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-13 3) (trojan.rules)
[///] Modified active rules: [///]
2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2023638 - ET CURRENT_EVENTS Possible Phishing Redirect Dec 13 2016 (current_events.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2816040 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M1 (current_events.rules)
2816041 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M2 (current_events.rules)
2816042 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M3 (current_events.rules)
2816043 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M4 (current_events.rules)
2820804 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com June 21 (current_events.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)