[***]            Summary:            [***]

14 new Open, 31 new Pro (14 + 17). Cobalt Group/More_Eggs Domains, WebBrowserPassView, W32.DarkVNC Variant, Olympic Vision, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026703 - ET TROJAN Observed Malicious SSL Cert (Cobalt Group/More_Eggs CnC) (trojan.rules)
2026704 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026705 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026706 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026707 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026708 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026709 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026710 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026711 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026712 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026713 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026714 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026715 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)
2026716 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup (trojan.rules)

Pro:

2833849 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL Checkin (mobile_malware.rules)
2833850 - ETPRO MOBILE_MALWARE Android/Nineap.b Checkin (mobile_malware.rules)
2833851 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 452 (mobile_malware.rules)
2833852 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.z Checkin 4 (mobile_malware.rules)
2833853 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 453 (mobile_malware.rules)
2833854 - ETPRO TROJAN W32.DarkVNC Variant Checkin (trojan.rules)
2833855 - ETPRO TROJAN W32/Pcarrier.A Checkin (trojan.rules)
2833856 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-07 1) (trojan.rules)
2833857 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-07 2) (trojan.rules)
2833858 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-07 3) (trojan.rules)
2833859 - ETPRO TROJAN WebBrowserPassView PWS Exfil via FTP (trojan.rules)
2833860 - ETPRO TROJAN Observed Malicious SSL Cert (APT 34 CnC Domain) (trojan.rules)
2833861 - ETPRO TROJAN Observed Malicious SSL Cert (APT 34 CnC Domain) (trojan.rules)
2833862 - ETPRO TROJAN Hawkeye Keylogger Reporting Data via HTTP (trojan.rules)
2833863 - ETPRO TROJAN Ursa Loader CnC Checkin (trojan.rules)
2833864 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (BrushaLoader CnC) (current_events.rules)
2833865 - ETPRO TROJAN Olympic Vision Keylogger Exfil via SMTP (trojan.rules)

[///]     Modified active rules:     [///]

2026487 - ET POLICY Request for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2026577 - ET TROJAN APT33/CharmingKitten Retrieving New Payload (flowbit set) (trojan.rules)
2823423 - ETPRO TROJAN FF49 Bot CnC Beacon (trojan.rules)

Date: Friday, December 7, 2018 - 00:00