[***]            Summary:            [***]

5 new Open, 42 new Pro (5 + 37). Win/Meta Implant, MSIL/Supreme Miner, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025639 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup 1 (mobile_malware.rules)
2025640 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup 2 (mobile_malware.rules)
2025641 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup 3 (mobile_malware.rules)
2025642 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup 4 (mobile_malware.rules)
2025643 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup 5 (mobile_malware.rules)

Pro:

2831544 - ETPRO MOBILE_MALWARE Android.Shedun Requesting Additional Payload (mobile_malware.rules)
2831545 - ETPRO MOBILE_MALWARE Android.Shedun CnC Checkin (mobile_malware.rules)
2831546 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2018-07-05 (current_events.rules)
2831547 - ETPRO CURRENT_EVENTS Successful Nationwide Bank Phish 2018-07-05 (current_events.rules)
2831548 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2018-07-05 (current_events.rules)
2831549 - ETPRO MOBILE_MALWARE Android.SmsPay CnC Checkin (mobile_malware.rules)
2831550 - ETPRO CURRENT_EVENTS Successful Christian Mingle Phish 2018-07-05 (current_events.rules)
2831551 - ETPRO CURRENT_EVENTS Successful Booking.com Phish M1 2018-07-05 (current_events.rules)
2831552 - ETPRO CURRENT_EVENTS Successful Booking.com Phish M2 2018-07-05 (current_events.rules)
2831553 - ETPRO CURRENT_EVENTS Successful Booking.com Phish M3 2018-07-05 (current_events.rules)
2831554 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish 2018-07-05 (current_events.rules)
2831555 - ETPRO TROJAN MSIL/Supreme Miner CnC Checkin M2 (trojan.rules)
2831556 - ETPRO TROJAN Win/Meta Implant Communicating with CnC (trojan.rules)
2831557 - ETPRO TROJAN MSIL/Supreme Miner CnC Checkin M3 (trojan.rules)
2831558 - ETPRO WEB_SPECIFIC_APPS CMS Made Simple Remote Code Execution (web_specific_apps.rules)
2831559 - ETPRO WEB_SPECIFIC_APPS Online Trade - Information Disclosure (web_specific_apps.rules)
2831560 - ETPRO WEB_SPECIFIC_APPS ShopNx - Arbitrary File Upload (web_specific_apps.rules)
2831561 - ETPRO EXPLOIT ADB Broadband Authorization Bypass (exploit.rules)
2831562 - ETPRO WEB_SPECIFIC_APPS SoftExpert Excellence Suite 2.0 SQL Injection (web_specific_apps.rules)
2831563 - ETPRO WEB_SPECIFIC_APPS ManageEngine Exchange Reporter Plus Remote Code Execution (web_specific_apps.rules)
2831564 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove CnC Beacon (mobile_malware.rules)
2831565 - ETPRO TROJAN Win32/Vigorf.A Checkin (trojan.rules)
2831566 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 1) (trojan.rules)
2831567 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 2) (trojan.rules)
2831568 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 3) (trojan.rules)
2831569 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 4) (trojan.rules)
2831570 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 5) (trojan.rules)
2831571 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 6) (trojan.rules)
2831572 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 7) (trojan.rules)
2831573 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 8) (trojan.rules)
2831574 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 9) (trojan.rules)
2831575 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 10) (trojan.rules)
2831576 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 11) (trojan.rules)
2831577 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 12) (trojan.rules)
2831578 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 13) (trojan.rules)
2831579 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 14) (trojan.rules)
2831580 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-05 15) (trojan.rules)

[///]     Modified active rules:     [///]

2828205 - ETPRO TROJAN MSIL/Kryptik.JJC/GalaxyRAT IP Check (trojan.rules)

Date: Wednesday, July 4, 2018 - 22:00