[***]            Summary:            [***]

4 new Open, 21 new Pro (4 + 17). CVE-2018-15716, DonotGroup/Patchwork DNS, FinderBot, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026982 - ET EXPLOIT Nuuo NVR RCE Attempt (CVE-2018-15716) (exploit.rules)
2026983 - ET TROJAN DonotGroup/Patchwork CnC DNS Lookup (trojan.rules)
2026984 - ET TROJAN DonotGroup/Patchwork CnC DNS Lookup (trojan.rules)
2026985 - ET TROJAN ArtraDownloader CnC Checkin (trojan.rules)

Pro:

2835049 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-26 1) (trojan.rules)
2835050 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-26 2) (trojan.rules)
2835051 - ETPRO TROJAN Unk.MalDoc CnC Beacon (trojan.rules)
2835052 - ETPRO TROJAN FinderBot Recieving Tasks (trojan.rules)
2835053 - ETPRO TROJAN FinderBot User-Agent (Finder/) (trojan.rules)
2835054 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-02-26 (current_events.rules)
2835055 - ETPRO CURRENT_EVENTS Successful SunTrust Bank Phish 2019-02-26 (current_events.rules)
2835056 - ETPRO TROJAN EightRed CnC Activity Observed (trojan.rules)
2835057 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-02-26 (current_events.rules)
2835058 - ETPRO CURRENT_EVENTS Successful ATT Phish 2019-02-26 (current_events.rules)
2835059 - ETPRO CURRENT_EVENTS Successful Box Phish 2019-02-26 (current_events.rules)
2835060 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-02-26 (current_events.rules)
2835061 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-26 (current_events.rules)
2835062 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-26 (current_events.rules)
2835063 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-02-26 (current_events.rules)
2835064 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-26 (current_events.rules)
2835065 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2019-02-26 (current_events.rules)

[///]     Modified active rules:     [///]

2026641 - ET TROJAN ArtraDownloader/TeleRAT Checkin (trojan.rules)
2026740 - ET TROJAN Win32/ArtraDownloader Checkin (trojan.rules)
2832193 - ETPRO TROJAN Vidar/Arkei Stealer HTTP POST Pattern (trojan.rules)
2833559 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M1 (exploit.rules)
2833560 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M2 (exploit.rules)
2833561 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M3 (exploit.rules)
2833562 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M4 (exploit.rules)
2833563 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M5 (exploit.rules)
2833564 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M6 (Bruteforce) (exploit.rules)
2833565 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M7 (Bruteforce) (exploit.rules)
2833566 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M8 (Bruteforce) (exploit.rules)
2833567 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M9 (Bruteforce) (exploit.rules)

Date: Monday, February 25, 2019 - 22:00