[***]            Summary:            [***]

1 new Open, 23 new Pro (1 + 22). StrongPity, DKMC, Win32.Nocturnal, Various Mobile.

Thanks: @illegalfawn

[+++]          Added rules:          [+++]

Open:

2025582 - ET CURRENT_EVENTS Observed Malicious SSL Cert (Coinhive URL Shortener) (current_events.rules)

Pro:

2830952 - ETPRO TROJAN StrongPity CnC Domain (ms-sys-security .com in TLS SNI) (trojan.rules)
2830953 - ETPRO TROJAN StrongPity CnC DNS Lookup (trojan.rules)
2830954 - ETPRO TROJAN DKMC PS One-liner Inbound (trojan.rules)
2830955 - ETPRO TROJAN Possible DKMC Encoded BMP Inbound (trojan.rules)
2830956 - ETPRO TROJAN Win32.Nocturnal Stealer IP Check (trojan.rules)
2830957 - ETPRO TROJAN Win32.Nocturnal Stealer Checkin (trojan.rules)
2830958 - ETPRO TROJAN Win32.Nocturnal Updater Requesting EXE (trojan.rules)
2830959 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-22) (current_events.rules)
2830960 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 348 (mobile_malware.rules)
2830961 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-22 2) (current_events.rules)
2830962 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-22 3) (current_events.rules)
2830963 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-22 4) (current_events.rules)
2830964 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 10 (mobile_malware.rules)
2830965 - ETPRO TROJAN Win32/Wakuang CnC Activity (trojan.rules)
2830966 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 11 (mobile_malware.rules)
2830967 - ETPRO MOBILE_MALWARE Android-PUP/Gallm.22d58 Checkin (mobile_malware.rules)
2830968 - ETPRO TROJAN Observed StrongPity User-Agent (trojan.rules)
2830969 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 18 (mobile_malware.rules)
2830970 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 19 (mobile_malware.rules)
2830971 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-22 1) (trojan.rules)
2830972 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-22 2) (trojan.rules)
2830973 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-22 3) (trojan.rules)

[///]     Modified active rules:     [///]

2821712 - ETPRO TROJAN LatentBot HTTP POST Checkin (trojan.rules)

[---]  Disabled and modified rules:  [---]

2830930 - ETPRO TROJAN MSIL/SocketPlayer Killswitch DNS Lookup (trojan.rules)

Date: Monday, May 21, 2018 - 22:00