Daily Ruleset Update Summary 2018/05/11

[***]            Summary:            [***]

2 new Open, 16 new Pro (2 + 14). JS/Javaxs.Loader, ELF/Muhstik, W32/Patchwork.Backdoor, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025575 - ET TROJAN ELF/Muhstik Attempting to Download Payload (trojan.rules)
2025576 - ET USER_AGENTS HackingTrio UA (Hello, World) (user_agents.rules)

Pro:

2830806 - ETPRO TROJAN JS/Javaxs.Loader CnC Checkin (trojan.rules)
2830807 - ETPRO TROJAN JS/Javaxs.Loader Communicating with CnC (trojan.rules)
2830808 - ETPRO TROJAN W32/Patchwork.Backdoor Exfiltrating Files to CnC (trojan.rules)
2830809 - ETPRO CURRENT_EVENTS Observed MalDoc User-Agent (2G605) (current_events.rules)
2830810 - ETPRO TROJAN Downloader.Win32.Agent.unk Dropper (trojan.rules)
2830812 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2018-05-11 (current_events.rules)
2830813 - ETPRO CURRENT_EVENTS Evil Redirector Leading to TechSupport Scam (current_events.rules)
2830814 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-05-11 (current_events.rules)
2830815 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-11 1) (trojan.rules)
2830816 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-11 2) (trojan.rules)
2830817 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-11 3) (trojan.rules)
2830818 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-11 4) (trojan.rules)
2830819 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-11 5) (trojan.rules)
2830820 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-11 6) (trojan.rules)

[///]     Modified active rules:     [///]

2025163 - ET TROJAN W32/Patchwork.Backdoor Communicating with CnC (trojan.rules)
2025164 - ET TROJAN W32/Patchwork.Backdoor CnC Check-in M2 (trojan.rules)
2809850 - ETPRO TROJAN Cobalt Strike Covert DNS CnC Channel TXT Lookup (udp) (trojan.rules)
2809851 - ETPRO TROJAN Cobalt Strike Covert DNS CnC Channel TXT Lookup (tcp) (trojan.rules)
2814194 - ETPRO TROJAN Win32/Qbot Variant Exfil via FTP (trojan.rules)
2815606 - ETPRO TROJAN Inexsmar/Darkhotel Stage2 Checkin (trojan.rules)
2830690 - ETPRO EXPLOIT GPON Authentication Bypass Attempt (CVE-2018-10561) (exploit.rules)
2830785 - ETPRO TROJAN W32/KISA.Educational.Screenlocker CnC Checkin (trojan.rules)

Date: Friday, May 11, 2018 - 00:00