[***] Summary: [***]
4 new Open, 20 new Pro (4 + 16). Win32/DanijBot, CVE-2018-0171, Adderall Loader, Various Phishing.
Thanks: Jake Warren
[+++] Added rules: [+++]
Open:
2025469 - ET TROJAN Win32/DanijBot User-Agent (trojan.rules)
2025470 - ET TROJAN Win32/DanijBot CnC Checkin (trojan.rules)
2025471 - ET TROJAN Win32/DanijBot CnC Task Status (trojan.rules)
2025472 - ET EXPLOIT Possible CVE-2018-0171 Exploit (PoC based) (exploit.rules)
Pro:
2830284 - ETPRO TROJAN Adderall Loader CnC Checkin (trojan.rules)
2830285 - ETPRO TROJAN Adderall Loader IP Check (trojan.rules)
2830286 - ETPRO TROJAN Win32/Tiggre Checkin (trojan.rules)
2830287 - ETPRO TROJAN RubberDucky Logging Activity (trojan.rules)
2830288 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2018-04-06 (current_events.rules)
2830289 - ETPRO CURRENT_EVENTS Possible Successful Assurance Maladie Phish (FR) M1 2018-04-06 (current_events.rules)
2830290 - ETPRO CURRENT_EVENTS Possible Successful Assurance Maladie Phish (FR) M2 2018-04-06 (current_events.rules)
2830291 - ETPRO CURRENT_EVENTS Successful Chalbhai (Multibrand) M1 Phish 2018-04-06 (current_events.rules)
2830292 - ETPRO CURRENT_EVENTS Successful Chalbhai (Multibrand) M2 Phish 2018-04-06 (current_events.rules)
2830293 - ETPRO CURRENT_EVENTS Successful Chalbhai (Multibrand) M3 Phish 2018-04-06 (current_events.rules)
2830294 - ETPRO CURRENT_EVENTS Successful Chalbhai (Multibrand) M4 Phish 2018-04-06 (current_events.rules)
2830295 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2018-04-06 (current_events.rules)
2830296 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-06 1) (trojan.rules)
2830297 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-06 2) (trojan.rules)
2830298 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-06 3) (trojan.rules)
2830299 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-06 4) (trojan.rules)
[///] Modified inactive rules: [///]
2830245 - ETPRO POLICY Request for CSS File Returning Executable (policy.rules)