[***]            Summary:            [***]

1 new Open, 22 new Pro (1 + 21). Iron/Maktub Locker, MSIL/Limitail Variant, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2025486 - ET TROJAN Iron/Maktub Locker Ransomware CnC Checkin (trojan.rules)

Pro:

2830353 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-04-11) (current_events.rules)
2830354 - ETPRO CURRENT_EVENTS Successful BMO Phish 2018-04-11 (current_events.rules)
2830355 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-04-11 (current_events.rules)
2830356 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 2018-04-11 (current_events.rules)
2830357 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 2018-04-11 (current_events.rules)
2830358 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2018-04-11 (current_events.rules)
2830359 - ETPRO TROJAN Loki Bot PowerShell Downloader Domain in SNI (trojan.rules)
2830360 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun Variant CnC Responding With Payload List (mobile_malware.rules)
2830361 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun Variant CnC Checkin (mobile_malware.rules)
2830362 - ETPRO TROJAN MSIL/Limitail Variant CnC (Requesting Payload Hashes) (trojan.rules)
2830363 - ETPRO TROJAN MSIL/Limitail Variant CnC Sending Payload Hashes (trojan.rules)
2830364 - ETPRO CURRENT_EVENTS MalDoc Retrieving Benign Document (current_events.rules)
2830365 - ETPRO MALWARE PUP/Win32.Snojan Checkin (malware.rules)
2830366 - ETPRO MALWARE PUP/Win32.MailRu.M Checkin (malware.rules)
2830367 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 29 (mobile_malware.rules)
2830368 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-12 1) (trojan.rules)
2830369 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-12 2) (trojan.rules)
2830370 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-12 3) (trojan.rules)
2830371 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-12 4) (trojan.rules)
2830372 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-12 5) (trojan.rules)
2830373 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-12 6) (trojan.rules)

[///]     Modified active rules:     [///]

2025485 - ET TROJAN Observed Malicious SSL Cert (CoreBot C2) (trojan.rules)
2821014 - ETPRO WEB_CLIENT suspicious .CAB containing single executable file inbound (observed in maldoc campaign) (web_client.rules)

Date: Thursday, April 12, 2018 - 00:00