Daily Ruleset Update Summary 2018/08/31

[***]            Summary:            [***]

1 new Open, 15 new Pro (1 + 14). W32.FakeEzQ.kr, W32.Helminth, MagentoCore, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026071 - ET TROJAN W32.FakeEzQ.kr Checkin (trojan.rules)

Pro:

2832412 - ETPRO TROJAN Thanatos Ransomware User-Agent (trojan.rules)
2832413 - ETPRO TROJAN W32.Helminth Checkin via DNS (trojan.rules)
2832414 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LE Checkin (mobile_malware.rules)
2832415 - ETPRO TROJAN W32.Mandaph.Coinminer Checkin (trojan.rules)
2832416 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 386 (mobile_malware.rules)
2832417 - ETPRO TROJAN Win32/Occamy.C CnC Activity 1 (trojan.rules)
2832418 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 387 (mobile_malware.rules)
2832419 - ETPRO TROJAN Win32/Occamy.C CnC Activity 2 (trojan.rules)
2832420 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MagentoCore Skimmer) (current_events.rules)
2832421 - ETPRO CURRENT_EVENTS Observed MagentoCore Domain (www .magentocore .net in TLS SNI) (current_events.rules)
2832422 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup Domain) (policy.rules)
2832423 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-31 1) (trojan.rules)
2832424 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-31 2) (trojan.rules)
2832425 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-31 3) (trojan.rules)

[///]     Modified active rules:     [///]

2832333 - ETPRO TROJAN Suspicious Terse HTTP Headers IP Check (trojan.rules)

Date: Friday, August 31, 2018 - 00:00