[***]            Summary:            [***]

5 new Open, 12 new Pro (5 + 7). SC.Backdoor, SSHBRUTE.A Haiduc, CVE-2018-15979, Various Mobile.

Thanks: James Lay, Kevin Ross

[+++]          Added rules:          [+++]

Open:

2026640 - ET TROJAN Kraken C2 Domain Observed (kraken656kn6wyyx in DNS Lookup) (trojan.rules)
2026641 - ET TROJAN SC.Backdoor/TeleRAT Checkin (trojan.rules)
2026642 - ET TROJAN HackTool.Linux.SSHBRUTE.A Haiduc Initial Compromise C2 POST (trojan.rules)
2026643 - ET INFO Plaintext SSH Authentication Identified (Encryption set to None) (info.rules)
2026644 - ET CURRENT_EVENTS Observed Malicious SSL Cert (BrushaLoader Domain) (current_events.rules)

Pro:

2833603 - ETPRO MOBILE_MALWARE Android/Locker.PN Checkin (mobile_malware.rules)
2833604 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Feiad.b Location Exfil (mobile_malware.rules)
2833605 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.uf Checkin (mobile_malware.rules)
2833606 - ETPRO MOBILE_MALWARE Riskware.Android.Revmob.dyzsji Checkin (mobile_malware.rules)
2833607 - ETPRO EXPLOIT PDF Containing Possible Acrobat Go-to Action Exploitation (CVE-2018-15979) (exploit.rules)
2833608 - ETPRO CURRENT_EVENTS Steam Phish Landing 2018-11-21 (current_events.rules)
2833609 - ETPRO TROJAN BR.Banker CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2013186 - ET TROJAN Win32.Renos/Artro Trojan Checkin M1 (trojan.rules)
2826931 - ETPRO TROJAN Idicaf CnC Beacon (trojan.rules)

Date: Wednesday, November 21, 2018 - 00:00