[***]            Summary:            [***]

2 new Open, 19 new Pro (2 + 17). CVE-2018-2893, Chthonic DNS, Kaprav Backdoor.

[+++]          Added rules:          [+++]

Open:

2025929 - ET WEB_SPECIFIC_APPS Oracle WebLogic Deserialization (CVE-2018-2893) (web_specific_apps.rules)
2025930 - ET WEB_SPECIFIC_APPS Modx Revolution RCE (CVE-2018-1000207) (web_specific_apps.rules)

Pro:

2832025 - ETPRO TROJAN Win32/Chthonic DNS Lookup (atomary .bit) (trojan.rules)
2832026 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC Domain) (trojan.rules)
2832027 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC Domain) (trojan.rules)
2832028 - ETPRO TROJAN Kaprav Backdoor CnC Checkin (trojan.rules)
2832029 - ETPRO TROJAN Kaprav Backdoor CnC Command Info (trojan.rules)
2832030 - ETPRO TROJAN Unk.Stealer Exfil via FTP (trojan.rules)
2832031 - ETPRO MALWARE PUA/OpenDown.AI Checkin (malware.rules)
2832032 - ETPRO MALWARE AdWare.Ocna.bvh Checkin (malware.rules)
2832033 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-01 1) (trojan.rules)
2832034 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-01 2) (trojan.rules)
2832035 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-01 3) (trojan.rules)
2832036 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-01 4) (trojan.rules)
2832037 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-01 5) (trojan.rules)
2832038 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-01 6) (trojan.rules)
2832039 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-01 7) (trojan.rules)
2832040 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-01 8) (trojan.rules)
2832041 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-01 9) (trojan.rules)

Date: Wednesday, August 1, 2018 - 00:00