Daily Ruleset Update Summary 2018/11/19

[***]            Summary:            [***]

14 new Open, 25 new Pro (14 + 11). Mikrotik Injects, Darkgate, Coinminers, Various Mobile.

[+++]          Added rules:          [+++]

2026621 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
2026622 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
2026623 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
2026624 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
2026625 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
2026626 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
2026627 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in TLS SNI (trojan.rules)
2026628 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS Lookup (trojan.rules)
2026629 - ET TROJAN DarkGate CNC Checkin (trojan.rules)
2026630 - ET TROJAN DarkGate CnC Requesting Data Exfiltration from Bot (trojan.rules)
2026631 - ET TROJAN DarkGate Domain in DNS Lookup (akamai .la) (trojan.rules)
2026632 - ET TROJAN DarkGate Domain in DNS Lookup (hardwarenet .cc) (trojan.rules)
2026633 - ET TROJAN DarkGate Domain in DNS Lookup (awsamazon.cc) (trojan.rules)
2026634 - ET TROJAN DarkGate Domain in DNS Lookup (battlenet .la) (trojan.rules)
2833583 - ETPRO MOBILE_MALWARE Android/Agent.BAA Checkin (mobile_malware.rules)
2833584 - ETPRO MOBILE_MALWARE Android/FakeAV.K CnC Beacon (mobile_malware.rules)
2833585 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 1) (trojan.rules)
2833586 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 2) (trojan.rules)
2833587 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 3) (trojan.rules)
2833588 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 4) (trojan.rules)
2833589 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 5) (trojan.rules)
2833590 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 6) (trojan.rules)
2833591 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 7) (trojan.rules)
2833592 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 8) (trojan.rules)
2833593 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-18 9) (trojan.rules)

[///]     Modified active rules:     [///]

2023611 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 107 (trojan.rules)
2802963 - ETPRO TROJAN Suspicious User-Agent (Omega) (trojan.rules)

Date: Monday, November 19, 2018 - 00:00