[***]            Summary:            [***]

6 new Open, 34 new Pro (6 + 28). JS Sniffer, AZORult Variant.4, SurveyLocker, Various Phish, Mobile.

Thanks: @James_inthe_box

[+++]          Added rules:          [+++]

Open:

2025880 - ET CURRENT_EVENTS Volexity – JS Sniffer Data Theft Beacon Detected (current_events.rules)
2025881 - ET CURRENT_EVENTS JS Sniffer Framework Sending to CnC (current_events.rules)
2025882 - ET EXPLOIT MVPower DVR Shell UCE MSF Check (exploit.rules)
2025883 - ET EXPLOIT MVPower DVR Shell UCE (exploit.rules)
2025884 - ET EXPLOIT Multiple CCTV-DVR Vendors RCE (exploit.rules)
2025885 - ET TROJAN AZORult Variant.4 Checkin (trojan.rules)

Pro:

2831925 - ETPRO USER_AGENTS Suspicious User-Agent (MyUserAgent) (user_agents.rules)
2831926 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BPU Variant Requesting Config (mobile_malware.rules)
2831927 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BPU Receiving Config Including Payload Address (mobile_malware.rules)
2831928 - ETPRO TROJAN NSIS/Alina Checkin 3 (trojan.rules)
2831929 - ETPRO MOBILE_MALWARE Android/Agent.AHU CnC Checkin (mobile_malware.rules)
2831930 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 374 (mobile_malware.rules)
2831931 - ETPRO MOBILE_MALWARE AndroidOS/Agent.CH CnC Beacon (mobile_malware.rules)
2831932 - ETPRO TROJAN Win32/CoinMiner.Downloader Retreiving Payloads and Configs (trojan.rules)
2831933 - ETPRO MOBILE_MALWARE AndroidOS/Shenghuo CnC Beacon (mobile_malware.rules)
2831934 - ETPRO MOBILE_MALWARE AndroidOS/ParaLoan CnC Beacon (mobile_malware.rules)
2831935 - ETPRO MOBILE_MALWARE Android-Trojan/Downloader.907ce Checkin (mobile_malware.rules)
2831936 - ETPRO TROJAN AZORult Variant.4 XORed Download (trojan.rules)
2831937 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 1) (trojan.rules)
2831938 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 2) (trojan.rules)
2831939 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 3) (trojan.rules)
2831940 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 4) (trojan.rules)
2831941 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 5) (trojan.rules)
2831942 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 6) (trojan.rules)
2831943 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 7) (trojan.rules)
2831944 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 8) (trojan.rules)
2831945 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 9) (trojan.rules)
2831946 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 10) (trojan.rules)
2831947 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 11) (trojan.rules)
2831948 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload M1 2018-07-23 (current_events.rules)
2831949 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-23 12) (trojan.rules)
2831950 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload M2 2018-07-23 (current_events.rules)
2831951 - ETPRO TROJAN SurveyLocker Activity (trojan.rules)
2831952 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7/Carbanak CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2810276 - ETPRO TROJAN Azorult CnC Beacon (trojan.rules)

Date: 
Sunday, July 22, 2018 - 22:00