[***] Summary: [***]
1 new Open, 23 new Pro (1 + 22). StrongPity, DKMC, Win32.Nocturnal, Various Mobile.
Thanks: @illegalfawn
[+++] Added rules: [+++]
Open:
2025582 - ET CURRENT_EVENTS Observed Malicious SSL Cert (Coinhive URL Shortener) (current_events.rules)
Pro:
2830952 - ETPRO TROJAN StrongPity CnC Domain (ms-sys-security .com in TLS SNI) (trojan.rules)
2830953 - ETPRO TROJAN StrongPity CnC DNS Lookup (trojan.rules)
2830954 - ETPRO TROJAN DKMC PS One-liner Inbound (trojan.rules)
2830955 - ETPRO TROJAN Possible DKMC Encoded BMP Inbound (trojan.rules)
2830956 - ETPRO TROJAN Win32.Nocturnal Stealer IP Check (trojan.rules)
2830957 - ETPRO TROJAN Win32.Nocturnal Stealer Checkin (trojan.rules)
2830958 - ETPRO TROJAN Win32.Nocturnal Updater Requesting EXE (trojan.rules)
2830959 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-22) (current_events.rules)
2830960 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 348 (mobile_malware.rules)
2830961 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-22 2) (current_events.rules)
2830962 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-22 3) (current_events.rules)
2830963 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-22 4) (current_events.rules)
2830964 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 10 (mobile_malware.rules)
2830965 - ETPRO TROJAN Win32/Wakuang CnC Activity (trojan.rules)
2830966 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 11 (mobile_malware.rules)
2830967 - ETPRO MOBILE_MALWARE Android-PUP/Gallm.22d58 Checkin (mobile_malware.rules)
2830968 - ETPRO TROJAN Observed StrongPity User-Agent (trojan.rules)
2830969 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 18 (mobile_malware.rules)
2830970 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 19 (mobile_malware.rules)
2830971 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-22 1) (trojan.rules)
2830972 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-22 2) (trojan.rules)
2830973 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-22 3) (trojan.rules)
[///] Modified active rules: [///]
2821712 - ETPRO TROJAN LatentBot HTTP POST Checkin (trojan.rules)
[---] Disabled and modified rules: [---]
2830930 - ETPRO TROJAN MSIL/SocketPlayer Killswitch DNS Lookup (trojan.rules)