Daily Ruleset Update Summary 2018/11/15

[***]            Summary:            [***]

7 new Open, 14 new Pro (7 + 7). DragonFly APT, Mylobot, Various MalDoc SSL Certs. CnC Domain.

[+++]          Added rules:          [+++]

2026609 - ET TROJAN Operation Baby Coin syschk CnC Communication (trojan.rules)
2026610 - ET TROJAN ELF/Muhstik Scanner Module Activity (trojan.rules)
2026611 - ET TROJAN DragonFly APT Domain in DNS Lookup (trojan.rules)
2026612 - ET TROJAN DragonFly APT Domain in DNS Lookup (trojan.rules)
2026613 - ET TROJAN Mylobot Receiving XOR Encrypted Config (0xde) (trojan.rules)
2026614 - ET TROJAN Operation Mystery Baby syschk CnC Communication (trojan.rules)
2026615 - ET CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif Inject Domain) (current_events.rules)
2833568 - ETPRO MOBILE_MALWARE Android.Trojan.Rootnik.gNACV CNC Beacon (mobile_malware.rules)
2833569 - ETPRO MOBILE_MALWARE Android.Trojan.Rootnik.gNACV CNC Beacon 2 (mobile_malware.rules)
2833570 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-15) (current_events.rules)
2833571 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-11-15 2) (current_events.rules)
2833572 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC) (trojan.rules)
2833573 - ETPRO TROJAN PhanapikalBot Setting Module (trojan.rules)
2833574 - ETPRO TROJAN PhanapikalBot getModule Request (trojan.rules)

[///]     Modified active rules:     [///]

2026607 - ET TROJAN ELF/Muhstik Bot Reporting Vulnerable Server to CnC (trojan.rules)

Date: 
Thursday, November 15, 2018 - 00:00