[***]            Summary:            [***]

8 new Open, 23 new Pro (8 + 15). JavaRAT, SSL Certs, Coinminer Authstrings.

[+++]          Added rules:          [+++]

Open:

2026580 - ET TROJAN JavaRAT CnC Init Activity (trojan.rules)
2026581 - ET TROJAN JavaRAT CnC Checkin (trojan.rules)
2026582 - ET TROJAN JavaRAT Keep-Alive (inbound) (trojan.rules)
2026583 - ET TROJAN JavaRAT Keep-Alive (outbound) (trojan.rules)
2026584 - ET TROJAN JavaRAT Sending Screen Size (trojan.rules)
2026585 - ET TROJAN JavaRAT Sending Screenshot (trojan.rules)
2026586 - ET TROJAN JavaRAT Requesting Screen Size (trojan.rules)
2026587 - ET TROJAN JavaRAT Requesting Screenshot (trojan.rules)

Pro:

2833480 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-06 1) (trojan.rules)
2833481 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-06 2) (trojan.rules)
2833482 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-06 3) (trojan.rules)
2833483 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-06 4) (trojan.rules)
2833484 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-06 5) (trojan.rules)
2833485 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-07 6) (trojan.rules)
2833486 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-07 7) (trojan.rules)
2833487 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-07 8) (trojan.rules)
2833488 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-07 9) (trojan.rules)
2833489 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-07 10) (trojan.rules)
2833490 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-07 11) (trojan.rules)
2833491 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-07 12) (trojan.rules)
2833492 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit CnC) (trojan.rules)
2833493 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7/Carbanak CnC) (trojan.rules)
2833494 - ETPRO CURRENT_EVENTS PowerShell Downloader Executing DLL from AppData Inbound (current_events.rules)

[///]     Modified active rules:     [///]

2026555 - ET TROJAN Sharik/Smoke CnC Beacon 12 (trojan.rules)
2801374 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 1 (netbios.rules)

Date: Wednesday, November 7, 2018 - 00:00