[***] Summary: [***]
2 new Open, 15 new Pro (2 + 13). Win32/Aura Ransomware, MR.Dropper.KR TLS SNI, N0F1L3/Eredel Stealer Variant.
[+++] Added rules: [+++]
Open:
2026099 - ET TROJAN Win32/Aura Ransomware CnC Activity (trojan.rules)
2026100 - ET USER_AGENTS Aura Ransomware User-Agent (user_agents.rules)
Pro:
2832467 - ETPRO INFO HTTP Request for Single Char PS1 (info.rules)
2832468 - ETPRO TROJAN MR.Dropper.KR Domain in TLS SNI (trojan.rules)
2832469 - ETPRO TROJAN MR.Dropper.KR Domain in TLS SNI (trojan.rules)
2832470 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Payload Inbound 2018-09-06) (trojan.rules)
2832471 - ETPRO TROJAN Ursnif Variant CnC Beacon 9 M1 (trojan.rules)
2832472 - ETPRO TROJAN Ursnif Variant CnC Beacon 9 M2 (trojan.rules)
2832473 - ETPRO CURRENT_EVENTS GreenFlash Sundown EK Landing Sep 2018 M2 (current_events.rules)
2832474 - ETPRO TROJAN N0F1L3/Eredel Stealer Variant CnC Checkin (trojan.rules)
2832475 - ETPRO CURRENT_EVENTS Magnigate/Magnitude EK Landing M1 2018-09-27 (current_events.rules)
2832476 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-06 1) (trojan.rules)
2832477 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-06 2) (trojan.rules)
2832478 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-06 3) (trojan.rules)
2832479 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-06 4) (trojan.rules)
[///] Modified active rules: [///]
2025982 - ET TROJAN MSIL/Eredel Stealer CnC Checkin (trojan.rules)
2832333 - ETPRO TROJAN Suspicious Terse HTTP Headers IP Check (trojan.rules)
2832438 - ETPRO TROJAN Win32/DanaBot CnC Checkin (trojan.rules)