[***] Summary: [***]
3 new Open, 5 new Pro (3 + 2). CVE-2017-7924, SharpShooter, Various SSL/TLS.
Thanks to Kevin Ross, José Diogo Monteiro, Luis Rosa, and Miguel Borges de Freitas
[+++] Added rules: [+++]
Open:
2026917 - ET EXPLOIT Possible MicroLogix 1100 PCCC DoS Condition (CVE-2017-7924) (exploit.rules)
2026918 - ET TROJAN Possible SharpShooter Framework Generated Script (trojan.rules)
2026919 - ET TROJAN Possible SharpShooter Framework Generated VBS Script (trojan.rules)
Pro:
2834904 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2834905 - ETPRO TROJAN Observed DNS Query to Known DNS Exfil CnC Domain (trojan.rules)