[***]            Summary:            [***]

4 new Open, 27 new Pro (4 + 23). Win32/SpyAgent.Raptor, Cobalt Strike Beacon, Various Nagios.

Thanks: @AttackDetection, @eSentire

[+++]          Added rules:          [+++]

Open:

2025633 - ET TROJAN [PTsecurity] Win32/SpyAgent.Raptor (realtime-spy) CnC activity 1 (trojan.rules)
2025634 - ET TROJAN [PTsecurity] Win32/SpyAgent.Raptor (realtime-spy) CnC activity 2 (trojan.rules)
2025635 - ET TROJAN [eSentire] Cobalt Strike Beacon (trojan.rules)
2025636 - ET TROJAN Cobalt Strike Exfiltration (trojan.rules)

Pro:

2831518 - ETPRO EXPLOIT Nagios XI SQL Injection (exploit.rules)
2831519 - ETPRO EXPLOIT Nagios XI Remote Code Execution (exploit.rules)
2831520 - ETPRO EXPLOIT Nagios XI Remote Code Execution 2 (exploit.rules)
2831521 - ETPRO EXPLOIT Nagios XI SQL Injection 2 (exploit.rules)
2831522 - ETPRO EXPLOIT Nagios XI Remote Code Execution 3 (exploit.rules)
2831523 - ETPRO EXPLOIT Nagios XI Set DB User Root (exploit.rules)
2831524 - ETPRO EXPLOIT Nagios XI Adding Administrative User (exploit.rules)
2831525 - ETPRO TROJAN W32.Unk.Stealer Checkin M1 (trojan.rules)
2831526 - ETPRO TROJAN W32.Unk.Stealer Checkin M2 (trojan.rules)
2831527 - ETPRO EXPLOIT FTPShell client Stack Buffer Overflow (exploit.rules)
2831528 - ETPRO SCAN ntop-ng Authentication Bypass via Session ID Guessing (scan.rules)
2831529 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-07-03 Domain (windowsexec .s3 .amazonaws .com in TLS SNI) (current_events.rules)
2831530 - ETPRO EXPLOIT Possible ModSecurity 3.0.0 Cross-Site Scripting (exploit.rules)
2831531 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 1) (trojan.rules)
2831532 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 2) (trojan.rules)
2831533 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 3) (trojan.rules)
2831534 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 4) (trojan.rules)
2831535 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 5) (trojan.rules)
2831536 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 6) (trojan.rules)
2831537 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 7) (trojan.rules)
2831538 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 8) (trojan.rules)
2831539 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 9) (trojan.rules)
2831540 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-03 10) (trojan.rules)

[///]     Modified active rules:     [///]

2831460 - ETPRO TROJAN Win32/RovnixLoader CnC Checkin 1 (trojan.rules)

Date: Monday, July 2, 2018 - 22:00