[***]            Summary:            [***]

5 new Open, 24 new Pro (5 + 19). KaiXin Landing, CVE-2018-0878, MSIL/Haunted Miner, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2025985 - ET INFO Adobe PDX in HTTP Flowbit Set (info.rules)
2025986 - ET INFO MP3 with ID3 in HTTP Flowbit Set (info.rules)
2025987 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a Checkin (mobile_malware.rules)
2025988 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a CnC Beacon (mobile_malware.rules)
2025989 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a Checkin 2 (mobile_malware.rules)

Pro:

2832151 - ETPRO TROJAN Win32/Dupzom Checkin via TCP (trojan.rules)
2832152 - ETPRO CURRENT_EVENTS KaiXin Landing Aug 13 2018 (current_events.rules)
2832153 - ETPRO EXPLOIT Windows Remote Assistance XXE Exploit Inbound (CVE-2018-0878) (exploit.rules)
2832154 - ETPRO TROJAN MSIL/Haunted Miner CnC Checkin (trojan.rules)
2832155 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
2832156 - ETPRO TROJAN Observed Malicious SSL Cert (Haunted Miner CnC) (trojan.rules)
2832157 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 1) (trojan.rules)
2832158 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 2) (trojan.rules)
2832159 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 3) (trojan.rules)
2832160 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 4) (trojan.rules)
2832161 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 5) (trojan.rules)
2832162 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 6) (trojan.rules)
2832163 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 7) (trojan.rules)
2832164 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 8) (trojan.rules)
2832165 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 9) (trojan.rules)
2832166 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 10) (trojan.rules)
2832167 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-13 11) (trojan.rules)
2832168 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.MT Checkin (mobile_malware.rules)
2832169 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.MT Checkin 2 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2016394 - ET INFO Adobe Flash Uncompressed in HTTP Flowbit Set (info.rules)
2825163 - ETPRO CURRENT_EVENTS Successful Generic Phish (Redirect to Download PDF) Feb 28 2017 (current_events.rules)

Date: Monday, August 13, 2018 - 00:00