[***] Summary: [***]
1 new Open, 15 new Pro (1 + 14). W32.FakeEzQ.kr, W32.Helminth, MagentoCore, Various Mobile.
[+++] Added rules: [+++]
Open:
2026071 - ET TROJAN W32.FakeEzQ.kr Checkin (trojan.rules)
Pro:
2832412 - ETPRO TROJAN Thanatos Ransomware User-Agent (trojan.rules)
2832413 - ETPRO TROJAN W32.Helminth Checkin via DNS (trojan.rules)
2832414 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LE Checkin (mobile_malware.rules)
2832415 - ETPRO TROJAN W32.Mandaph.Coinminer Checkin (trojan.rules)
2832416 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 386 (mobile_malware.rules)
2832417 - ETPRO TROJAN Win32/Occamy.C CnC Activity 1 (trojan.rules)
2832418 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 387 (mobile_malware.rules)
2832419 - ETPRO TROJAN Win32/Occamy.C CnC Activity 2 (trojan.rules)
2832420 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MagentoCore Skimmer) (current_events.rules)
2832421 - ETPRO CURRENT_EVENTS Observed MagentoCore Domain (www .magentocore .net in TLS SNI) (current_events.rules)
2832422 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup Domain) (policy.rules)
2832423 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-31 1) (trojan.rules)
2832424 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-31 2) (trojan.rules)
2832425 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-31 3) (trojan.rules)
[///] Modified active rules: [///]
2832333 - ETPRO TROJAN Suspicious Terse HTTP Headers IP Check (trojan.rules)