[***]            Summary:            [***]

6 new Open, 17 new Pro (6 + 11). ELF/Win32 Lucky Ransomware, RedControle, Huitau Keylogger, Various SSL Certs.

[+++]          Added rules:          [+++]

2026722 - ET TROJAN Observed MongoLock Variant CnC Domain (s .rapid7 .xyz in TLS SNI) (trojan.rules)
2026723 - ET TROJAN RedControle Probing Infected System (trojan.rules)
2026724 - ET TROJAN RedControle Communicating with CnC (trojan.rules)
2026725 - ET TROJAN ELF/Win32 Lucky Ransomware CnC Checkin (trojan.rules)
2026726 - ET TROJAN ELF/Win32 Lucky Ransomware Encryption Process Started (trojan.rules)
2026727 - ET TROJAN ELF/Win32 Lucky Ransomware Reporting Successful File Encryption (trojan.rules)
2833908 - ETPRO TROJAN Kimsuky Chrome Extension Checkin (trojan.rules)
2833909 - ETPRO POLICY UltraVnc Session Outbound (policy.rules)
2833910 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-13 1) (trojan.rules)
2833911 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-13 2) (trojan.rules)
2833912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-13 3) (trojan.rules)
2833913 - ETPRO TROJAN Huitau Keylogger CnC Conn Check (trojan.rules)
2833914 - ETPRO TROJAN Huitau Keylogger CnC Exfil (trojan.rules)
2833915 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2833916 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2833917 - ETPRO CURRENT_EVENTS Wide Invoke Obfuscated PowerShell Inbound (current_events.rules)
2833918 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper Related SocEng) (trojan.rules)

[///]     Modified active rules:     [///]

2830701 - ETPRO TROJAN W32/Emotet CnC Checkin (trojan.rules)
2833765 - ETPRO TROJAN OilRig BONDUPDATER C2 via DNS (trojan.rules)

Date: Thursday, December 13, 2018 - 00:00