[***]            Summary:            [***]

9 new Open, 24 new Pro (9 + 15). TRR DNS, Princess Ransomware, Ghatber Backdoor, Various Phishing, Various Mobile.

Thanks: Nathan Fowler

[+++]          Added rules:          [+++]

Open:

2025973 - ET CURRENT_EVENTS Christian Mingle Phishing Landing 2018-08-07 (current_events.rules)
2025974 - ET CURRENT_EVENTS Microsoft Account Phishing Landing 2018-08-07 (current_events.rules)
2025975 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-08-07 (current_events.rules)
2025976 - ET CURRENT_EVENTS Free Mobile Phishing Landing 2018-08-07 (current_events.rules)
2025977 - ET CURRENT_EVENTS Adobe Phishing Landing 2018-08-07 (current_events.rules)
2025978 - ET CURRENT_EVENTS Microsoft Ajax Phishing Landing 2018-08-07 (current_events.rules)
2025979 - ET CURRENT_EVENTS Alibaba Phishing Landing 2018-08-07 (current_events.rules)
2025980 - ET POLICY TRR DNS over HTTPS detected (policy.rules)
2025981 - ET CURRENT_EVENTS Microsoft Phishing Landing 2018-08-07 (current_events.rules)

Pro:

2832090 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2018-08-07 (current_events.rules)
2832091 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-08-07 (current_events.rules)
2832092 - ETPRO TROJAN Princess Ransomware CnC Activity (trojan.rules)
2832093 - ETPRO TROJAN MSIL/Celebi.A Checkin M2 System Info (trojan.rules)
2832094 - ETPRO CURRENT_EVENTS Possible More_eggs Connectivity Check (current_events.rules)
2832095 - ETPRO TROJAN MSIL/Celebi.A Checkin M3 Command Check (trojan.rules)
2832096 - ETPRO USER_AGENTS Suspicious UA AegisCrypter (user_agents.rules)
2832097 - ETPRO MOBILE_MALWARE Android/Agent.AHT CnC Beacon (mobile_malware.rules)
2832098 - ETPRO TROJAN Ghatber Backdoor Checkin (trojan.rules)
2832099 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-07 1) (trojan.rules)
2832100 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-07 2) (trojan.rules)
2832101 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-07 3) (trojan.rules)
2832102 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-07 4) (trojan.rules)
2832103 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-07 5) (trojan.rules)
2832104 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-07 6) (trojan.rules)

[///]     Modified active rules:     [///]

2816365 - ETPRO TROJAN W32.SOCKSBOT CnC Request (trojan.rules)
2816366 - ETPRO TROJAN W32.SOCKSBOT CnC Response (trojan.rules)
2831878 - ETPRO TROJAN MSIL/Unk.BrowserStealer CnC Exfil (trojan.rules)

Date: 
Tuesday, August 7, 2018 - 00:00