Daily Ruleset Update Summary 2018/04/11

[***]            Summary:            [***]

2 new Open, 17 new Pro (2 + 15). Pontoeb, MSIL/CRMSvc.ru Checkin, Empire Stager, Various Mobile.

Thanks: @James_inthe_box, @abuse_ch

[+++]          Added rules:          [+++]

Open:

2025484 - ET TROJAN Pontoeb CnC (trojan.rules)
2025485 - ET TROJAN Observed Malicious SSL Cert (CoreBot C2) (trojan.rules)

Pro:

2830338 - ETPRO CURRENT_EVENTS SocGoth B64 Inject Inbound (current_events.rules)
2830339 - ETPRO TROJAN MSIL/CRMSvc.ru Checkin (trojan.rules)
2830340 - ETPRO TROJAN Receiving Possible PowerShell Empire Stager (trojan.rules)
2830341 - ETPRO MOBILE_MALWARE Android/Trojan-Spy.FateSeason Domain Request in SNI (mobile_malware.rules)
2830342 - ETPRO MOBILE_MALWARE Android/Trojan-Spy.FateSeason Domain Request in SNI 2 (mobile_malware.rules)
2830343 - ETPRO MOBILE_MALWARE Android/Trojan-Spy.FateSeason Domain Request in SNI 3 (mobile_malware.rules)
2830344 - ETPRO USER_AGENTS Loki Bot PowerShell Downloader User-Agent (USR-KL) (user_agents.rules)
2830345 - ETPRO MOBILE_MALWARE Android/Monitor.Humanspy.C CnC Beacon (mobile_malware.rules)
2830346 - ETPRO TROJAN MSIL/Sentinal Keylogger Style IP Check (trojan.rules)
2830347 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 313 (mobile_malware.rules)
2830348 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 314 (mobile_malware.rules)
2830349 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-11 1) (trojan.rules)
2830350 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-11 2) (trojan.rules)
2830351 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-11 3) (trojan.rules)
2830352 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-11 4) (trojan.rules)

[///]     Modified active rules:     [///]

2830317 - ETPRO TROJAN Urausy CnC (trojan.rules)

Date: Wednesday, April 11, 2018 - 00:00