[***] Summary: [***]
4 new Open, 41 new Pro (4 + 37). Locky CnC, MSIL/Ursa.Loader, Goldeneye, Coalabot, Various Phishing.
[+++] Added rules: [+++]
Open:
2026514 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.live) (trojan.rules)
2026515 - ET INFO Suspicious Redirect to Download EXE from Bitbucket (info.rules)
2026516 - ET CURRENT_EVENTS Possible Successful Phish - Generic Credential POST to Ngrok.io (current_events.rules)
2026517 - ET TROJAN Locky CnC Checkin (trojan.rules)
Pro:
2833135 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-17 1) (trojan.rules)
2833136 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-17 2) (trojan.rules)
2833137 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-17 3) (trojan.rules)
2833138 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-17 4) (trojan.rules)
2833139 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833140 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833141 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833142 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833143 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833144 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833145 - ETPRO TROJAN Gootkit C2 Domain DNS Lookup (trojan.rules)
2833146 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833147 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833148 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833149 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833150 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833151 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833152 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833153 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2833154 - ETPRO TROJAN Remcos RAT Checkin 74 (trojan.rules)
2833155 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-17) (current_events.rules)
2833156 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-17 2) (current_events.rules)
2833157 - ETPRO TROJAN MSIL/Ursa.Loader Requesting Obfuscated Payload M3 (trojan.rules)
2833158 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish 2018-10-17 (current_events.rules)
2833159 - ETPRO CURRENT_EVENTS Successful Paypal Credit Card Information Phish 2018-10-17 (current_events.rules)
2833160 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-10-17 (current_events.rules)
2833161 - ETPRO CURRENT_EVENTS Successful Generic Banking Information Phish 2018-10-17 (current_events.rules)
2833162 - ETPRO CURRENT_EVENTS Successful 1&1 Hosting Phish 2018-10-17 (current_events.rules)
2833163 - ETPRO CURRENT_EVENTS Successful Impots.Gouv.fr Phish 2018-10-17 (current_events.rules)
2833164 - ETPRO TROJAN Goldeneye PWS - Initial Check-in (trojan.rules)
2833165 - ETPRO TROJAN Goldeneye PWS - Receive Commands Upon Join (trojan.rules)
2833166 - ETPRO TROJAN Goldeneye PWS - Active Window (trojan.rules)
2833167 - ETPRO TROJAN Goldeneye PWS - Recovering Passwords (trojan.rules)
2833168 - ETPRO TROJAN DarkComet-RAT Activity (trojan.rules)
2833169 - ETPRO TROJAN Coalabot CnC Check-in (trojan.rules)
2833170 - ETPRO TROJAN Coalabot Fake 404 Response (trojan.rules)
2833171 - ETPRO INFO Dynamic DNS Provider DNS Lookup (gotdns .ch) (info.rules)
[///] Modified active rules: [///]
2025496 - ET TROJAN Observed GandCrab Payment Domain (gandcrab in DNS Lookup) (trojan.rules)
2026486 - ET POLICY DNS Lookup for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2026487 - ET POLICY Request for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2828489 - ETPRO TROJAN FlawedGrace CnC Activity (trojan.rules)
[---] Disabled and modified rules: [---]
2026440 - ET TROJAN NCSC APT28 - CompuTrace_Beacon_UserAgent (trojan.rules)