[***]            Summary:            [***]

30 new Pro. Blue Botnet, Unix/VPNFilter, Various Mobile, Phishing.

[+++]          Added rules:          [+++]

2830997 - ETPRO TROJAN Observed Malicious SSL Cert (Blue Botnet CnC) (trojan.rules)
2830998 - ETPRO WEB_CLIENT Likely Malicious ActiveX Object Fingerprinting (web_client.rules)
2830999 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 351 (mobile_malware.rules)
2831000 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab Checkin (mobile_malware.rules)
2831001 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab Checkin 2 (mobile_malware.rules)
2831002 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab Checkin 3 (mobile_malware.rules)
2831003 - ETPRO TROJAN Remcos RAT Checkin 18 (trojan.rules)
2831004 - ETPRO TROJAN LokiBot CnC Domain (cpanellokipanel .tk in TLS SNI) (trojan.rules)
2831005 - ETPRO POLICY Observed Suspicious SSL Cert (Possible KnowB4 Phish Training) (policy.rules)
2831006 - ETPRO TROJAN LokiBot CnC DNS Lookup (lokipanel) (trojan.rules)
2831007 - ETPRO TROJAN Unix/VPNFilter IP Check (trojan.rules)
2831008 - ETPRO TROJAN Unix/VPNFilter HTTP Request Structure 1 (trojan.rules)
2831009 - ETPRO TROJAN Unix/VPNFilter HTTP Request Structure 2 (trojan.rules)
2831010 - ETPRO TROJAN Unix/VPNFilter SSL Certificate (trojan.rules)
2831011 - ETPRO POLICY Observed External IP Lookup - meuip .com (policy.rules)
2831012 - ETPRO TROJAN Observed Malicious SSL Cert (LokiBot CnC Domain lokipanel) (trojan.rules)
2831013 - ETPRO MOBILE_MALWARE Trojan.Android.CracApp Reporting Infection via SMTP (mobile_malware.rules)
2831014 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-24) (current_events.rules)
2831015 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-24 2) (current_events.rules)
2831016 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-24 3) (current_events.rules)
2831017 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-24 4) (current_events.rules)
2831018 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload 2018-05-24 (current_events.rules)
2831019 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-24 1) (trojan.rules)
2831020 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-24 2) (trojan.rules)
2831021 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-24 3) (trojan.rules)
2831022 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-24 4) (trojan.rules)
2831023 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-24 5) (trojan.rules)
2831024 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-24 6) (trojan.rules)
2831025 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-24 7) (trojan.rules)
2831026 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-24 8) (trojan.rules)

[///]     Modified active rules:     [///]

2808656 - ETPRO POLICY LabTech/ConnectWise Automate PC remote control session setup (policy.rules)
2816716 - ETPRO USER_AGENTS LabTech/ConnectWise Automate MSP UA (user_agents.rules)
2816717 - ETPRO POLICY LabTech/ConnectWise Automate MSP Agent Checkin (policy.rules)
2824763 - ETPRO POLICY LabTech/ConnectWise Automate Remote Control Session Activity (policy.rules)
2828652 - ETPRO POLICY LabTechAgent/ConnectWise Automate Remote Admin Tool Checkin (policy.rules)
2830701 - ETPRO TROJAN W32/Emotet CnC Checkin (trojan.rules)
2830969 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 18 (mobile_malware.rules)
2830970 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 19 (mobile_malware.rules)
2830987 - ETPRO TROJAN W32.Kuik Checkin (trojan.rules)

Date: Thursday, May 24, 2018 - 00:00