[***]            Summary:            [***]

2 new Open, 15 new Pro (2 + 13). CVE-2018-0833, Edgelog Password Stealer, BR.Stealer, Android.Monitor.Puma.C.

Thanks: @eSentire

[+++]          Added rules:          [+++]

Open:

2025983 - ET EXPLOIT SMB Null Pointer Dereference PoC Inbound (CVE-2018-0833) (exploit.rules)
2025984 - ET TROJAN [eSentire] Remcos RAT Checkin 25 (trojan.rules)

Pro:

2821712 - ETPRO POLICY RealThinClient Session Init (policy.rules)
2832130 - ETPRO TROJAN Observed Malicious SSL Cert (APT32) (trojan.rules)
2832131 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-09 1) (trojan.rules)
2832132 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-09 2) (trojan.rules)
2832133 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-09 3) (trojan.rules)
2832134 - ETPRO TROJAN Observed BR.Stealer CnC Domain (irrory .com in TLS SNI) (trojan.rules)
2832135 - ETPRO TROJAN Edgelog Password Stealer Activity (trojan.rules)
2832136 - ETPRO MOBILE_MALWARE Android.Monitor.Puma.C CnC Beacon (mobile_malware.rules)
2832137 - ETPRO TROJAN Edgelog Password Stealer Exfil via SMTP (trojan.rules)
2832138 - ETPRO TROJAN Observed Malicious SSL Cert (BR.Stealer Loader CnC Activity) (trojan.rules)
2832139 - ETPRO TROJAN Win32/Gomez Backdoor CnC Activity (trojan.rules)
2832140 - ETPRO MALWARE Win32/Adware.HPDefender.B Reporting PUP Install (malware.rules)
2832141 - ETPRO TROJAN MSIL/Agent.BNB CnC Checkin via FTP (trojan.rules)

[///]     Modified active rules:     [///]

2814087 - ETPRO POLICY RealThinClient Outbound Communication (policy.rules)
2814213 - ETPRO TROJAN LatentBot/GrayBird CnC Checkin (trojan.rules)
2814214 - ETPRO TROJAN LatentBot/GrayBird Module Download (trojan.rules)
2814215 - ETPRO TROJAN LatentBot/GrayBird False Zip Response (trojan.rules)
2828574 - ETPRO TROJAN ProjectHook POS CnC Checkin (trojan.rules)
2831359 - ETPRO TROJAN ProjectHook POS CnC Keep-Alive (trojan.rules)

[---]         Removed rules:         [---]

2821712 - ETPRO TROJAN LatentBot HTTP POST Checkin (trojan.rules)

Date: Wednesday, August 8, 2018 - 22:00