[***]            Summary:            [***]

5 new Open, 21 new Pro (5 + 16). Sharik/Smoke, 2018-9206, XpertRAT, CyberGate, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026552 - ET WEB_SERVER Possible jQuery File Upload Attempt 2018-9206 (web_server.rules)
2026553 - ET CURRENT_EVENTS Successful Generic Phish to zap-webspace.com Webhost 2018-10-25 (current_events.rules)
2026554 - ET CURRENT_EVENTS Successful Cryptocurrency Exchange Phish (set) 2018-10-25 (current_events.rules)
2026555 - ET TROJAN Sharik/Smoke CnC Beacon 12 (trojan.rules)
2026556 - ET TROJAN Sharik/Smoke Fake 404 Response with Payload Location (trojan.rules)

Pro:

2833278 - ETPRO MOBILE_MALWARE Android/Nsaram Device Info Exfil (mobile_malware.rules)
2833279 - ETPRO TROJAN W32.SpyBanker.BR Variant Checkin (trojan.rules)
2833280 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-25 1) (trojan.rules)
2833281 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-25 2) (trojan.rules)
2833282 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-25 3) (trojan.rules)
2833283 - ETPRO TROJAN XpertRAT CnC Response 2 (trojan.rules)
2833284 - ETPRO TROJAN XpertRAT CnC Requesting Passwords (trojan.rules)
2833285 - ETPRO TROJAN XpertRAT CnC Keep-Alive (Inbound) (trojan.rules)
2833286 - ETPRO TROJAN CyberGate RAT CnC Activity (trojan.rules)
2833287 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-25) (current_events.rules)
2833288 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-25 2) (current_events.rules)
2833289 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2833290 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-10-25 (current_events.rules)
2833291 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2018-10-25 (current_events.rules)
2833292 - ETPRO CURRENT_EVENTS Successful IDEX Cryptocurrency Phish 2018-10-22 (current_events.rules)
2833293 - ETPRO TROJAN Observed Malicious SSL Cert (Sharik/SmokeLoader CnC Domain) (trojan.rules)

[///]     Modified active rules:     [///]

2815936 - ETPRO TROJAN XpertRAT CnC Checkin (trojan.rules)

Date: 
Thursday, October 25, 2018 - 00:00