[***]            Summary:            [***]

19 new Open, 27 new Pro (19 + 8). OilRig QUADAGENT, MSIL/Backtrap, Various Mobile, Phishing.

Thanks: @eSentire

[+++]          Added rules:          [+++]

Open:

2025889 - ET USER_AGENTS VPNFilter Related UA (Gemini/2.0) (user_agents.rules)
2025890 - ET USER_AGENTS VPNFilter Related UA (Hakai/2.0) (user_agents.rules)
2025891 - ET TROJAN OilRig QUADAGENT CnC Domain in SNI (trojan.rules)
2025892 - ET TROJAN Observed Malicious SSL Cert (OilRig QUADAGENT CnC) (trojan.rules)
2025893 - ET CURRENT_EVENTS [eSentire] Successful 163 Webmail Phish 2018-07-25 (current_events.rules)
2025894 - ET TROJAN OilRig QUADAGENT DNS Tunneling (trojan.rules)
2025895 - ET MOBILE_MALWARE Android Golden Rat Checkin (mobile_malware.rules)
2025896 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 6 (mobile_malware.rules)
2025897 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 7 (mobile_malware.rules)
2025898 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 8 (mobile_malware.rules)
2025899 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 9 (mobile_malware.rules)
2025900 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 10 (mobile_malware.rules)
2025901 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 11 (mobile_malware.rules)
2025902 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 12 (mobile_malware.rules)
2025903 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 13 (mobile_malware.rules)
2025904 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 14 (mobile_malware.rules)
2025905 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 15 (mobile_malware.rules)
2025906 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 16 (mobile_malware.rules)
2025907 - ET EXPLOIT Oracle WebLogic Unrestricted File Upload (CVE-2018-2894) (exploit.rules)

Pro:

2831960 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT Variant CnC Checkin (mobile_malware.rules)
2831961 - ETPRO POLICY Observed External IP Lookup (api.ipstack .com) (policy.rules)
2831962 - ETPRO TROJAN Ursnif Variant CnC Beacon 8 M1 (trojan.rules)
2831963 - ETPRO TROJAN Ursnif Variant CnC Beacon 8 M2 (trojan.rules)
2831964 - ETPRO TROJAN MSIL/Backtrap Checkin via MySQL (trojan.rules)
2831965 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-25 1) (trojan.rules)
2831966 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-25 2) (trojan.rules)
2831967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-25 3) (trojan.rules)

[///]     Modified active rules:     [///]

2831817 - ETPRO CURRENT_EVENTS Likely Malicious JS Inbound (current_events.rules)

Date: 
Tuesday, July 24, 2018 - 22:00