Daily Ruleset Update Summary 2018/09/04

[***]            Summary:            [***]

20 new Pro. CobInt, Win32/DanaBot, APT32 Domain, Various Mobile.

[+++]          Added rules:          [+++]

2832436 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group Payload) (trojan.rules)
2832437 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt Downloader) (trojan.rules)
2832438 - ETPRO TROJAN Win32/DanaBot CnC Checkin (trojan.rules)
2832439 - ETPRO TROJAN Win32/DanaBot Payloads Inbound from CnC (FF Variant) (trojan.rules)
2832440 - ETPRO MOBILE_MALWARE AndroidOS.Boogr Checkin (mobile_malware.rules)
2832441 - ETPRO TROJAN W32.Neshta.B Checkin (trojan.rules)
2832442 - ETPRO MALWARE Win32/Presenoker Checkin (malware.rules)
2832443 - ETPRO TROJAN APT32 Domain in DNS Lookup (trojan.rules)
2832444 - ETPRO TROJAN APT32 Domain in TLS SNI (trojan.rules)
2832445 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-04 1) (trojan.rules)
2832446 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-04 2) (trojan.rules)
2832447 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-04 3) (trojan.rules)
2832448 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-04 4) (trojan.rules)
2832449 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-04 5) (trojan.rules)
2832450 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-04 6) (trojan.rules)
2832451 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-04 7) (trojan.rules)
2832452 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-04 8) (trojan.rules)
2832453 - ETPRO CURRENT_EVENTS Possible Ursnif Download Inbound (current_events.rules)
2832454 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-09-04) (current_events.rules)
2832455 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-09-04 2) (current_events.rules)

[///]     Modified active rules:     [///]

2001891 - ET USER_AGENTS Suspicious User Agent (agent) (user_agents.rules)

Date: 
Tuesday, September 4, 2018 - 00:00