[***]            Summary:            [***]

8 new Open, 25 new Pro (8 + 17). Panda Banker SSL, Tinba, AegisCrypter, SocketPlayer, Various Mobile.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2025995 - ET TROJAN Observed Malicious SSL Cert (Panda Banker C2) (trojan.rules)
2025996 - ET TROJAN Observed Malicious SSL Cert (Panda Banker Injects) (trojan.rules)
2025997 - ET TROJAN Panda Banker C2 Domain (uiaoduiiej .chimkent .su in DNS Lookup) (trojan.rules)
2025998 - ET TROJAN Panda Banker C2 Domain (uiaoduiiej .chimkent .su in TLS SNI) (trojan.rules)
2025999 - ET TROJAN Panda Banker Injects Domain (urimchi3dt4 .website in DNS Lookup) (trojan.rules)
2026000 - ET TROJAN Panda Banker Injects Domain (urimchi3dt4 .website in TLS SNI) (trojan.rules)
2026001 - ET TROJAN [PTsecurity] Tinba (Banking Trojan) HTTP Header (trojan.rules)
2026002 - ET TROJAN [PTsecurity] Tinba (Banking Trojan) Check-in (trojan.rules)

Pro:

2832224 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.X Checkin (mobile_malware.rules)
2832225 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup (asasdasdaskdlakalksdmlkasdnddasakkkaksjdjnsadlwda) (trojan.rules)
2832226 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.BK CnC Beacon (mobile_malware.rules)
2832227 - ETPRO TROJAN Strongpity SSL/TLS Certificate Observed (trojan.rules)
2832228 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-08-20) (current_events.rules)
2832229 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2832230 - ETPRO TROJAN Observed Ursnif CnC Domain in TLS SNI (trojan.rules)
2832231 - ETPRO TROJAN AegisCrypter Requesting Payload (trojan.rules)
2832232 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-20 1) (trojan.rules)
2832233 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-20 2) (trojan.rules)
2832234 - ETPRO TROJAN DNS Query to Cobalt Related Domain (trojan.rules)
2832235 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-20 4) (trojan.rules)
2832236 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-20 5) (trojan.rules)
2832237 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-20 6) (trojan.rules)
2832238 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-20 7) (trojan.rules)
2832239 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-20 8) (trojan.rules)
2832240 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-20 3) (trojan.rules)

Date: 
Monday, August 20, 2018 - 00:00