[***]            Summary:            [***]

7 new Open, 15 new Pro (7 + 8). OSX/Shlayer, Trickbot networkDll Module, Various SSL/TLS.

[+++]          Added rules:          [+++]

Open:

2026908 - ET POLICY Suspicious SSN Parameter in HTTP POST - Possible Phishing (policy.rules)
2026909 - ET POLICY Suspicious CVV Parameter in HTTP POST - Possible Phishing (policy.rules)
2026910 - ET TROJAN OSX/Shlayer CnC Activity M1 (trojan.rules)
2026911 - ET TROJAN OSX/Shlayer CnC Activity M2 (trojan.rules)
2026912 - ET TROJAN OSX/Shlayer CnC Activity M3 (trojan.rules)
2026913 - ET TROJAN OSX/Shlayer CnC Activity M4 (trojan.rules)
2026914 - ET USER_AGENTS SFML User-Agent (libsfml-network) (user_agents.rules)

Pro:

2834880 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dg CnC Beacon (mobile_malware.rules)
2834881 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dg CnC Beacon 2 (mobile_malware.rules)
2834882 - ETPRO MOBILE_MALWARE Android/SMSFlooder.Agent.CK Checkin (mobile_malware.rules)
2834883 - ETPRO TROJAN Trickbot Requesting networkDll Module (trojan.rules)
2834884 - ETPRO CURRENT_EVENTS Ursnif Injects Domain in TLS SNI (current_events.rules)
2834885 - ETPRO CURRENT_EVENTS Ursnif Injects Domain in TLS SNI (current_events.rules)
2834886 - ETPRO CURRENT_EVENTS Ursnif Injects Domain in TLS SNI (current_events.rules)
2834887 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)

Date: 
Wednesday, February 13, 2019 - 22:00