[***] Summary: [***]
12 new Open, 42 new Pro (12 + 30). Remcos RAT, MSIL/Biskvit.A, MSIL/EWX.Loader, CVE-2018-11776, Various Phish.
Thanks: @AttackDetection
[+++] Added rules: [+++]
Open:
2026016 - ET TROJAN Win32/Remcos RAT Checkin 26 (trojan.rules)
2026017 - ET TROJAN Win32/Remcos RAT Checkin 27 (trojan.rules)
2026018 - ET TROJAN Win32/Remcos RAT Checkin 28 (trojan.rules)
2026019 - ET TROJAN Win32/Remcos RAT Checkin 29 (trojan.rules)
2026020 - ET TROJAN Win32/Remcos RAT Checkin 30 (trojan.rules)
2026021 - ET TROJAN MSIL/BISKVIT DNS Lookup (bigboss .x24hr .com) (trojan.rules)
2026022 - ET TROJAN MSIL/BISKVIT DNS Lookup (secured-links .org) (trojan.rules)
2026023 - ET EXPLOIT SonicWall Global Management System - XMLRPC set_time_zone Command Injection (exploit.rules)
2026024 - ET EXPLOIT Apache Struts Possible OGNL Java Exec In URI M2 (exploit.rules)
2026025 - ET EXPLOIT Apache Struts RCE CVE-2018-11776 POC M1 (exploit.rules)
2026026 - ET EXPLOIT Apache Struts RCE CVE-2018-11776 POC M2 (exploit.rules)
2026027 - ET TROJAN [PT MALWARE] Hacked Mikrotik C2 Request (trojan.rules)
Pro:
2832280 - ETPRO MALWARE MSIL/AdClicker.FAM Communicating with CnC via HTTP Cookie (malware.rules)
2832281 - ETPRO TROJAN Win32/Remcos RAT Checkin 31 (trojan.rules)
2832282 - ETPRO TROJAN Win32/Remcos RAT Checkin 32 (trojan.rules)
2832283 - ETPRO TROJAN Win32/Remcos RAT Checkin 33 (trojan.rules)
2832284 - ETPRO TROJAN Win32/Remcos RAT Checkin 34 (trojan.rules)
2832285 - ETPRO TROJAN Win32/Remcos RAT Checkin 35 (trojan.rules)
2832286 - ETPRO TROJAN Win32/Remcos RAT Checkin 36 (trojan.rules)
2832287 - ETPRO TROJAN Win32/Remcos RAT Checkin 37 (trojan.rules)
2832288 - ETPRO TROJAN Win32/Remcos RAT Checkin 38 (trojan.rules)
2832289 - ETPRO TROJAN Win32/Remcos RAT Checkin 39 (trojan.rules)
2832290 - ETPRO TROJAN Win32/Remcos RAT Checkin 40 (trojan.rules)
2832291 - ETPRO TROJAN MSIL/BISKVIT CnC Sending Instructions to Infected Host (trojan.rules)
2832292 - ETPRO TROJAN MSIL/BISKVIT CnC Checkin (trojan.rules)
2832293 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Adware.Zdengo.BCX CnC Domain) (malware.rules)
2832294 - ETPRO MALWARE Win32/Adware.Zdengo.BCX CnC Checkin (malware.rules)
2832295 - ETPRO POLICY Possible External IP Lookup SSL Cert Observed (iplogger .com) (policy.rules)
2832296 - ETPRO TROJAN njRAT/Bladabindi Variant CnC Checkin (trojan.rules)
2832297 - ETPRO TROJAN Win32/Zpevdo.A Receiving Steal Logins Instruction from CnC (trojan.rules)
2832298 - ETPRO TROJAN Win32/Zpevdo.A Receiving Steal Cookies Instruction from CnC (trojan.rules)
2832299 - ETPRO CURRENT_EVENTS Possible Evil Redirect via bitly .com M2 (Observed in MalDoc Campaigns) (current_events.rules)
2832300 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-08-23) (current_events.rules)
2832301 - ETPRO TROJAN MSIL/Kryptik.OQB Checkin (trojan.rules)
2832302 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2018-08-23 (current_events.rules)
2832303 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-08-23 (current_events.rules)
2832304 - ETPRO CURRENT_EVENTS Successful Bank_of_America Phish 2018-08-23 (current_events.rules)
2832305 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-23 1) (trojan.rules)
2832306 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-23 2) (trojan.rules)
2832307 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-08-23 (current_events.rules)
2832308 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-23 3) (trojan.rules)
2832309 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-08-23 (current_events.rules)
[///] Modified active rules: [///]
2019696 - ET CURRENT_EVENTS Possible MalDoc Payload Download Nov 11 2014 (current_events.rules)
2022209 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC) (trojan.rules)
2022211 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC) (trojan.rules)
2830732 - ETPRO TROJAN Observed Malicious SSL Cert (AdvisorsBot CnC Domain) (trojan.rules)
2830733 - ETPRO TROJAN Observed AdvisorsBot CnC Domain Domain (investments-advisors .bid in TLS SNI) (trojan.rules)
2832142 - ETPRO TROJAN Win32/Marap CnC Beacon (trojan.rules)
[---] Removed rules: [---]
2825754 - ETPRO TROJAN Win32/Remcos RAT Checkin 4 (trojan.rules)
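As a practical add-on for consumers of these notices (added here; not part of the ET update notice and not Proofpoint/ET tooling), the following Python parses a notice in this layout into structured SID sets, reconciles the "N new Open, M new Pro (N + K)" summary line against the rules actually listed, groups new SIDs by rule file, and flags locally tuned SIDs that a removal has made stale. The embedded notice text is a constructed excerpt in the same format as the one above; all function names are mine.

```python
"""Parse an Emerging Threats daily update notice into SID sets and sanity-check it.

Added example, not ET/Proofpoint code. The notice below is a constructed excerpt
that follows the same layout as the real notices: a summary line, then
"[+++] Added rules" split into Open:/Pro:, "[///] Modified active rules" and
"[---] Removed rules", each entry being "<sid> - <FEED> <CATEGORY> <msg> (<file>)".
"""
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed excerpt (same format as the page above, fewer entries).
SAMPLE_NOTICE = """\
[***] Summary: [***]
2 new Open, 3 new Pro (2 + 1). Remcos RAT, Various Phish.
[+++] Added rules: [+++]
Open:
2026016 - ET TROJAN Win32/Remcos RAT Checkin 26 (trojan.rules)
2026025 - ET EXPLOIT Apache Struts RCE CVE-2018-11776 POC M1 (exploit.rules)
Pro:
2832280 - ETPRO MALWARE MSIL/AdClicker.FAM Communicating with CnC via HTTP Cookie (malware.rules)
[///] Modified active rules: [///]
2019696 - ET CURRENT_EVENTS Possible MalDoc Payload Download Nov 11 2014 (current_events.rules)
[---] Removed rules: [---]
2825754 - ETPRO TROJAN Win32/Remcos RAT Checkin 4 (trojan.rules)
"""


class Rule(NamedTuple):
    sid: int
    feed: str       # "ET" (open feed) or "ETPRO" (pro feed)
    category: str   # TROJAN, EXPLOIT, CURRENT_EVENTS, ...
    msg: str        # remainder of the rule title
    rulefile: str   # e.g. trojan.rules


RULE_LINE = re.compile(r"^(\d+) - (ET|ETPRO) ([A-Z_]+) (.*) \(([\w.-]+\.rules)\)$")
# "12 new Open, 42 new Pro (12 + 30)": Pro subscribers get Open + Pro-only rules.
SUMMARY_LINE = re.compile(r"(\d+) new Open, (\d+) new Pro \((\d+) \+ (\d+)\)")
SECTIONS = {
    "[+++] Added rules: [+++]": "added",
    "[///] Modified active rules: [///]": "modified",
    "[---] Removed rules: [---]": "removed",
}


def parse_notice(text):
    """Return {"summary": (open, pro_total, open_part, pro_only),
    "added_open": [...], "added_pro": [...], "modified": [...], "removed": [...]}."""
    result = {"summary": None, "added_open": [], "added_pro": [],
              "modified": [], "removed": []}
    section, sub = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_LINE.search(line)
        if m and result["summary"] is None:
            result["summary"] = tuple(int(x) for x in m.groups())
            continue
        if line in SECTIONS:
            section, sub = SECTIONS[line], None
            continue
        if section == "added" and line in ("Open:", "Pro:"):
            sub = line[:-1].lower()
            continue
        m = RULE_LINE.match(line)
        if not m or section is None or (section == "added" and sub is None):
            continue  # header noise, or an entry outside any known section
        rule = Rule(int(m.group(1)), m.group(2), m.group(3), m.group(4), m.group(5))
        key = f"added_{sub}" if section == "added" else section
        result[key].append(rule)
    return result


def check_counts(parsed):
    """List discrepancies between the summary line and the listed rules
    (empty list means the notice is internally consistent)."""
    if parsed["summary"] is None:
        return ["no summary line found"]
    n_open, n_pro_total, open_part, pro_only = parsed["summary"]
    added_open, added_pro = parsed["added_open"], parsed["added_pro"]
    problems = []
    if len(added_open) != n_open:
        problems.append(f"summary says {n_open} Open, listed {len(added_open)}")
    if len(added_pro) != pro_only:
        problems.append(f"summary says {pro_only} Pro-only, listed {len(added_pro)}")
    if n_pro_total != open_part + pro_only or open_part != n_open:
        problems.append("summary arithmetic does not add up")
    wrong_feed = ([r.sid for r in added_open if r.feed != "ET"]
                  + [r.sid for r in added_pro if r.feed != "ETPRO"])
    if wrong_feed:
        problems.append(f"rules listed under the wrong feed: {wrong_feed}")
    return problems


def sids_by_rulefile(rules):
    """Group SIDs by the .rules file they land in (handy for per-file enable lists)."""
    out = defaultdict(list)
    for r in rules:
        out[r.rulefile].append(r.sid)
    return dict(out)


def stale_local_tuning(parsed, local_sids):
    """SIDs present in local tuning (disablesid/threshold entries) that this
    notice removes; such entries are now dead and should be cleaned up."""
    removed = {r.sid for r in parsed["removed"]}
    return sorted(removed & set(local_sids))


if __name__ == "__main__":
    parsed = parse_notice(SAMPLE_NOTICE)
    print("summary:", parsed["summary"])
    print("problems:", check_counts(parsed) or "none")
    print("new open SIDs by file:", sids_by_rulefile(parsed["added_open"]))
    print("stale local SIDs:", stale_local_tuning(parsed, {2825754, 2000000}))
```

Run against the full notice above the same way; the summary check should come back clean (12 Open, 30 Pro-only, 42 for Pro subscribers), and any SID from the Removed section that still appears in your local disablesid or threshold configuration is a candidate for cleanup.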