[***]            Summary:            [***]

2 new Open, 26 new Pro (2 + 24). Windshift, TrueBot/Silence.Downloader, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026744 - ET TROJAN Observed DNS Query to known Windshift APT Related Domain 1 (trojan.rules)
2026745 - ET TROJAN Observed DNS Query to known Windshift APT Related Domain 2 (trojan.rules)

Pro:

2834104 - ETPRO MOBILE_MALWARE Android/RedLanterna Config Request (mobile_malware.rules)
2834105 - ETPRO MOBILE_MALWARE Trojan.Android.Triada.jckb Checkin (mobile_malware.rules)
2834106 - ETPRO MOBILE_MALWARE Android.Trojan.Banker.IC Checkin (mobile_malware.rules)
2834107 - ETPRO MOBILE_MALWARE Android.Riskware.Agent.gGEPG Device Info Exfil (mobile_malware.rules)
2834108 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 Device Info Exfil (mobile_malware.rules)
2834109 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.c Checkin (mobile_malware.rules)
2834110 - ETPRO MOBILE_MALWARE Android.PornVideo.GEN13518 Device Info Exfil (mobile_malware.rules)
2834111 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Contact Exfil (mobile_malware.rules)
2834112 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Device Info Exfil (mobile_malware.rules)
2834113 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Bank Account Info Exfil (mobile_malware.rules)
2834114 - ETPRO TROJAN Trojan.Win32.Blouiroet CnC (trojan.rules)
2834115 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-27 1) (trojan.rules)
2834116 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-27 2) (trojan.rules)
2834117 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-27 3) (trojan.rules)
2834118 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-27 4) (trojan.rules)
2834119 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-27 5) (trojan.rules)
2834120 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-27 6) (trojan.rules)
2834121 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-27 7) (trojan.rules)
2834122 - ETPRO TROJAN TrueBot/Silence.Downloader CnC Checkin 2 (trojan.rules)
2834123 - ETPRO POLICY SMTP Base64 Encoded EXE Outbound - Possible Infection (policy.rules)
2834124 - ETPRO TROJAN VBS.Unk.Finny Retrieving Command (trojan.rules)
2834125 - ETPRO TROJAN VBS.Unk.Finny Reporting System Info (trojan.rules)
2834126 - ETPRO TROJAN TrueBot/Silence.Downloader Keep-Alive 2 (trojan.rules)
2834127 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2830627 - ETPRO TROJAN Windshift APT Related Stealer Checkin M1 2018-05-01 (trojan.rules)

Date: Wednesday, December 26, 2018 - 22:00