[***] Summary: [***]
15 new Open rules, 28 new Pro rules (15 Open + 13 Pro-only). Coverage added for KAPTOXA, PCRat/Gh0st, Morix and a D-Link DIR-100 exploit.
Thanks to: rmkml, @EKWatcher and mex for their contributions.
[+++] Added rules: [+++]
Open:
2018054 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 20 (trojan.rules)
2018055 – ET TROJAN Uprate Binary Download Jan 02 2014 (trojan.rules)
2018056 – ET WEB_SERVER Possible XXE SYSTEM ENTITY in POST BODY. (web_server.rules)
2018057 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 21 (trojan.rules)
2018058 – ET TROJAN Possible KAPTOXA SMB Naming Format (trojan.rules)
2018059 – ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 1 (trojan.rules)
2018060 – ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 2 (trojan.rules)
2018061 – ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 3 (trojan.rules)
2018062 – ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 4 (trojan.rules)
2018063 – ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 5 (trojan.rules)
2018064 – ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 6 (trojan.rules)
2018065 – ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 7 (trojan.rules)
2018066 – ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 8 (trojan.rules)
2018067 – ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 9 (trojan.rules)
2018068 – ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 10 (trojan.rules)
Pro:
2807587 – ETPRO TROJAN Win32/Redosdru.C CnC (OUTBOUND) (trojan.rules)
2807588 – ETPRO TROJAN Trojan.Win32.Staser.unn CnC (OUTBOUND) (trojan.rules)
2807589 – ETPRO TROJAN Win32/ServStart.gen!A Checkin (trojan.rules)
2807590 – ETPRO TROJAN Backdoor.Win32/Morix.B CnC traffic (trojan.rules)
2807591 – ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
2807592 – ETPRO MALWARE Trojan.Script.BAT.Agent.db!159552 (malware.rules)
2807593 – ETPRO MALWARE Adware.Downware.918 Checkin (malware.rules)
2807594 – ETPRO EXPLOIT D-Link DIR-100 admin password disclosure attempt (exploit.rules)
2807595 – ETPRO EXPLOIT D-Link DIR-100 admin password disclosure success (exploit.rules)
2807596 – ETPRO EXPLOIT D-Link DIR-100 information disclosure attempt (exploit.rules)
2807597 – ETPRO TROJAN Win32/ServStart.gen!A Checkin 2 (trojan.rules)
2807598 – ETPRO TROJAN Trojan-Dropper.Win32.Injector.ijtz Checkin (trojan.rules)
2807599 – ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
[///] Modified active rules: [///]
2002677 – ET SCAN Nikto Web App Scan in Progress (scan.rules)
2016688 – ET FTP Outbound Java Downloading jar over FTP (ftp.rules)
2017548 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 3 (trojan.rules)
2017974 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 15 (trojan.rules)
[---] Removed rules: [---]
2804966 – ETPRO TROJAN Backdoor Win32/Morix.B CnC Traffic (trojan.rules)
2807454 – ETPRO TROJAN Rincux Checkin (trojan.rules)