[***]            Summary:            [***]

30 new Pro. MSIL/FakeZeus, PS/QuadAgent, Various Mobile.

[+++]          Added rules:          [+++]

2831047 - ETPRO TROJAN MSIL/FakeZeus CnC Checkin (trojan.rules)
2831048 - ETPRO POLICY Observed SSL Cert (IP Lookup - ipify .org) (policy.rules)
2831049 - ETPRO TROJAN PS/QuadAgent Communicating with CnC (trojan.rules)
2831050 - ETPRO TROJAN QuadAgent C2 Domain (rdppath .com in TLS SNI) (trojan.rules)
2831051 - ETPRO TROJAN Observed Malicious SSL Cert (QuadAgent CnC Domain) (trojan.rules)
2831052 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-29) (current_events.rules)
2831053 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-29 2) (current_events.rules)
2831054 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-29 3) (current_events.rules)
2831055 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.bf Checkin (mobile_malware.rules)
2831056 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 352 (mobile_malware.rules)
2831057 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 353 (mobile_malware.rules)
2831058 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 354 (mobile_malware.rules)
2831059 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 355 (mobile_malware.rules)
2831060 - ETPRO TROJAN Observed Malicious SSL Cert (APT 10 MenuPass CnC) (trojan.rules)
2831061 - ETPRO TROJAN Observed APT 10 MenuPass CnC Domain (www .jadl-or .com in TLS SNI) (trojan.rules)
2831062 - ETPRO TROJAN MSIL.Spy.chipEX Checkin (trojan.rules)
2831063 - ETPRO TROJAN MSIL.Spy.chipEX Checkin 2 (trojan.rules)
2831064 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 1) (trojan.rules)
2831065 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 2) (trojan.rules)
2831066 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 3) (trojan.rules)
2831067 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 4) (trojan.rules)
2831068 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 5) (trojan.rules)
2831069 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 6) (trojan.rules)
2831070 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 7) (trojan.rules)
2831071 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 8) (trojan.rules)
2831072 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 9) (trojan.rules)
2831073 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 10) (trojan.rules)
2831074 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-29 11) (trojan.rules)
2831075 - ETPRO MALWARE Win32/InstallPack.C Checkin (malware.rules)
2831076 - ETPRO TROJAN Sysffic TDS CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2810607 - ETPRO TROJAN Upatre Retrieving encoded payload (Common Header Struct) (trojan.rules)
2830999 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 351 (mobile_malware.rules)

Date: Monday, May 28, 2018 - 22:00