[***]            Summary:            [***]

49 new Pro. Various PHP/system exploits, Various Phish, Various Mobile.

[+++]          Added rules:          [+++]

2816040 - ETPRO INFO Phishing Landing via Weebly.com Feb 2 M1 (info.rules)
2816041 - ETPRO INFO Phishing Landing via Weebly.com Feb 2 M2 (info.rules)
2816042 - ETPRO INFO Phishing Landing via Weebly.com Feb 2 M3 (info.rules)
2816043 - ETPRO INFO Phishing Landing via Weebly.com Feb 2 M4 (info.rules)
2831605 - ETPRO CURRENT_EVENTS Possible Powershell Loader with Base64 Encoded EXE Inbound (current_events.rules)
2831606 - ETPRO EXPLOIT Exim Internet Mailer Remote Code Execution (exploit.rules)
2831607 - ETPRO MOBILE_MALWARE PUP Android/SMSFlooder.Agent.CK CnC Beacon (mobile_malware.rules)
2831608 - ETPRO EXPLOIT xdebug OS Command Execution (exploit.rules)
2831609 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 1 (exploit.rules)
2831610 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 2 (exploit.rules)
2831611 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 3 (exploit.rules)
2831612 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 4 (exploit.rules)
2831613 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 5 (exploit.rules)
2831614 - ETPRO EXPLOIT Generic system shell command to php base64 encoded Remote Code Execution 6 (exploit.rules)
2831615 - ETPRO EXPLOIT file_put_contents php base64 encoded Remote Code Execution 1 (exploit.rules)
2831616 - ETPRO EXPLOIT file_put_contents php base64 encoded Remote Code Execution 2 (exploit.rules)
2831617 - ETPRO EXPLOIT file_put_contents php base64 encoded Remote Code Execution 3 (exploit.rules)
2831618 - ETPRO EXPLOIT bin bash base64 encoded Remote Code Execution 1 (exploit.rules)
2831619 - ETPRO EXPLOIT bin bash base64 encoded Remote Code Execution 2 (exploit.rules)
2831620 - ETPRO EXPLOIT bin bash base64 encoded Remote Code Execution 3 (exploit.rules)
2831621 - ETPRO EXPLOIT php script base64 encoded Remote Code Execution 1 (exploit.rules)
2831622 - ETPRO EXPLOIT php script base64 encoded Remote Code Execution 2 (exploit.rules)
2831623 - ETPRO EXPLOIT php script base64 encoded Remote Code Execution 3 (exploit.rules)
2831624 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 1 (exploit.rules)
2831625 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 2 (exploit.rules)
2831626 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 3 (exploit.rules)
2831627 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 4 (exploit.rules)
2831628 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 5 (exploit.rules)
2831629 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 6 (exploit.rules)
2831630 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 7 (exploit.rules)
2831631 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 8 (exploit.rules)
2831632 - ETPRO EXPLOIT php script double base64 encoded Remote Code Execution 9 (exploit.rules)
2831633 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 1) (trojan.rules)
2831634 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 2) (trojan.rules)
2831635 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 3) (trojan.rules)
2831636 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 4) (trojan.rules)
2831637 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 5) (trojan.rules)
2831638 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 6) (trojan.rules)
2831639 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 7) (trojan.rules)
2831640 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 8) (trojan.rules)
2831641 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 9) (trojan.rules)
2831642 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-09 10) (trojan.rules)
2831643 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2018-07-09 (current_events.rules)
2831644 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-09 (current_events.rules)
2831645 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2018-07-09 (current_events.rules)
2831646 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2018-07-09 (current_events.rules)
2831647 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-07-09) (current_events.rules)
2831648 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-07-09 Domain (www .casements .co .ug in TLS SNI) (current_events.rules)
2831649 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-07-09 Domain (hertdog .site in TLS SNI) (current_events.rules)

[///]     Modified active rules:     [///]

2815315 - ETPRO TROJAN Gootkit Malicious SSL Cert Dec 10 (trojan.rules)
2831585 - ETPRO MALWARE Win32/InstallMonster.Adware CnC Checkin (malware.rules)

[---]         Removed rules:         [---]

2816040 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M1 (current_events.rules)
2816041 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M2 (current_events.rules)
2816042 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M3 (current_events.rules)
2816043 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com Feb 2 M4 (current_events.rules)
2831586 - ETPRO USER_AGENTS InstallMonster Adware User-Agent (LH_A) (user_agents.rules)

Date: Sunday, July 8, 2018 - 22:00