[***] Summary: [***]
5 new Open, 12 new Pro (5 + 7). SC.Backdoor, SSHBRUTE.A Haiduc, CVE-2018-15979, Various Mobile.
Thanks: James Lay, Kevin Ross
[+++] Added rules: [+++]
Open:
2026640 - ET TROJAN Kraken C2 Domain Observed (kraken656kn6wyyx in DNS Lookup) (trojan.rules)
2026641 - ET TROJAN SC.Backdoor/TeleRAT Checkin (trojan.rules)
2026642 - ET TROJAN HackTool.Linux.SSHBRUTE.A Haiduc Initial Compromise C2 POST (trojan.rules)
2026643 - ET INFO Plaintext SSH Authentication Identified (Encryption set to None) (info.rules)
2026644 - ET CURRENT_EVENTS Observed Malicious SSL Cert (BrushaLoader Domain) (current_events.rules)
Pro:
2833603 - ETPRO MOBILE_MALWARE Android/Locker.PN Checkin (mobile_malware.rules)
2833604 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Feiad.b Location Exfil (mobile_malware.rules)
2833605 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.uf Checkin (mobile_malware.rules)
2833606 - ETPRO MOBILE_MALWARE Riskware.Android.Revmob.dyzsji Checkin (mobile_malware.rules)
2833607 - ETPRO EXPLOIT PDF Containing Possible Acrobat Go-to Action Exploitation (CVE-2018-15979) (exploit.rules)
2833608 - ETPRO CURRENT_EVENTS Steam Phish Landing 2018-11-21 (current_events.rules)
2833609 - ETPRO TROJAN BR.Banker CnC Checkin (trojan.rules)
[///] Modified active rules: [///]
2013186 - ET TROJAN Win32.Renos/Artro Trojan Checkin M1 (trojan.rules)
2826931 - ETPRO TROJAN Idicaf CnC Beacon (trojan.rules)