[***] Summary: [***]
2 new Open, 29 new Pro (2 + 27). MageCart Exfil Domain, Win32/Agent.SZW, CVE-2018-8459, Various Mobile.
[+++] Added rules: [+++]
Open:
2026110 - ET TROJAN Observed Malicious SSL Cert (MageCart Exfil Domain) (trojan.rules)
2026111 - ET CURRENT_EVENTS Microsoft Tech Support Phone Scam Landing 2018-09-12 (current_events.rules)
Pro:
2832539 - ETPRO CURRENT_EVENTS PowerShell EP Bypass and String Download - Possible Stage 2 (current_events.rules)
2832540 - ETPRO TROJAN Win32/Agent.SZW CnC Checkin (trojan.rules)
2832541 - ETPRO TROJAN Win32/Agent.SZW Requesting Stage 2 (trojan.rules)
2832542 - ETPRO TROJAN Win32/DanaBot CnC Checkin M2 (trojan.rules)
2832543 - ETPRO TROJAN Win32/DanaBot Payloads Inbound from CnC (FF Variant) M2 (trojan.rules)
2832544 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 403 (mobile_malware.rules)
2832545 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 404 (mobile_malware.rules)
2832546 - ETPRO WEB_CLIENT Microsoft Edge Type Confusion Attempt (CVE-2018-8459) (web_client.rules)
2832547 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-09-12 (current_events.rules)
2832548 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 405 (mobile_malware.rules)
2832549 - ETPRO CURRENT_EVENTS Successful American Express Phish 2018-09-12 (current_events.rules)
2832550 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2018-09-12 (current_events.rules)
2832551 - ETPRO MOBILE_MALWARE Android/SMSreg.NK Checkin (mobile_malware.rules)
2832552 - ETPRO MOBILE_MALWARE Trojan.Android.Agent.dinaxx CnC Beacon (mobile_malware.rules)
2832553 - ETPRO MOBILE_MALWARE Android/Obfus.IQ CnC Beacon (mobile_malware.rules)
2832554 - ETPRO MOBILE_MALWARE Android/Rootnik-AI Checkin (mobile_malware.rules)
2832555 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-09-12) (current_events.rules)
2832556 - ETPRO TROJAN Possible Win32/Zpevdo.A Desktop Exfiltration (trojan.rules)
2832557 - ETPRO CURRENT_EVENTS Possible Win32/Zpevdo.A Firefox Exfiltration (current_events.rules)
2832558 - ETPRO CURRENT_EVENTS Possible MiniRat Websocket Init (current_events.rules)
2832559 - ETPRO TROJAN Win32/Zpevdo.A Checkin (trojan.rules)
2832560 - ETPRO TROJAN Win32/Zpevdo.A Requesting Payload (trojan.rules)
2832561 - ETPRO TROJAN Win32/Zpevdo.A Retrieving Payload (trojan.rules)
2832562 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-12 1) (trojan.rules)
2832563 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-12 2) (trojan.rules)
2832564 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-12 3) (trojan.rules)
2832565 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-12 4) (trojan.rules)
[///] Modified active rules: [///]
2025972 - ET EXPLOIT Mikrotik Winbox RCE Attempt (CVE-2018-14847) (exploit.rules)
2828244 - ETPRO TROJAN Win32.PowerPool CnC Checkin (trojan.rules)