[***]            Summary:            [***]

28 new Pro. JS WebSocket Miner, MSIL/SocketPlayer, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

2830924 - ETPRO CURRENT_EVENTS Tech Support Phone Scam - Redirection to Landing Inbound (current_events.rules)
2830925 - ETPRO CURRENT_EVENTS Tech Support Phone Scam Landing M1 - May 20 2018 (current_events.rules)
2830926 - ETPRO CURRENT_EVENTS Obfuscated Tech Support Phone Scam Landing M2 - May 20 2018 (current_events.rules)
2830927 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC Domain) (trojan.rules)
2830928 - ETPRO TROJAN Bateleur C2 Domain (cdn-googleapi .com in TLS SNI) (trojan.rules)
2830929 - ETPRO TROJAN Bateleur CnC DNS Lookup (trojan.rules)
2830930 - ETPRO TROJAN MSIL/SocketPlayer Killswitch DNS Lookup (trojan.rules)
2830931 - ETPRO CURRENT_EVENTS JS WebSocket Miner Inbound (current_events.rules)
2830932 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-21) (current_events.rules)
2830933 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-21 2) (current_events.rules)
2830934 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-21 3) (current_events.rules)
2830935 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-21 4) (current_events.rules)
2830936 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-21 5) (current_events.rules)
2830937 - ETPRO TROJAN W32/Comisproc Checkin M2 (trojan.rules)
2830938 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 344 (mobile_malware.rules)
2830939 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Agent.cr Checkin (mobile_malware.rules)
2830940 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 345 (mobile_malware.rules)
2830941 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 346 (mobile_malware.rules)
2830942 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 347 (mobile_malware.rules)
2830943 - ETPRO TROJAN APT10 MenuPass Domain (jadl-or .com in DNS Lookup) (trojan.rules)
2830944 - ETPRO TROJAN APT10 MenuPass Domain (jadl-or .com in TLS SNI) (trojan.rules)
2830945 - ETPRO TROJAN MSIL/u24 Keylogger FTP Activity (trojan.rules)
2830946 - ETPRO TROJAN MSIL/DomainX PWS FTP Exfil (trojan.rules)
2830947 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-21 1) (trojan.rules)
2830948 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-21 2) (trojan.rules)
2830949 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-21 3) (trojan.rules)
2830950 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-21 4) (trojan.rules)
2830951 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-21 5) (trojan.rules)

[///]     Modified active rules:     [///]

2830822 - ETPRO CURRENT_EVENTS Observed MalDoc Retrieving EXE Payload 2018-05-14 (current_events.rules)

Date: Sunday, May 20, 2018 - 22:00