[***] Summary: [***]
7 new Open, 15 new Pro (7 + 8). LaZagne Artifact, BKDR_HTV.ZKGD-A, Various SSL.
[+++] Added rules: [+++]
Open:
2027150 - ET TROJAN ELF.Initdz.Coinminer C2 Systeminfo (D2) (trojan.rules)
2027151 - ET ATTACK_RESPONSE LaZagne Artifact Outbound in FTP (attack_response.rules)
2027152 - ET POLICY Outbound SMTP NTLM Authentication Observed (policy.rules)
2027153 - ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound (exploit.rules)
2027154 - ET MOBILE_MALWARE Android/BasBanke CnC Checkin (mobile_malware.rules)
2027155 - ET TROJAN AHK/BKDR_HTV.ZKGD-A CnC Checkin (trojan.rules)
2027156 - ET TROJAN AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound (trojan.rules)
Pro:
2835728 - ETPRO TROJAN W32.LocNa Checkin (trojan.rules)
2835729 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-04 1) (trojan.rules)
2835730 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-04 2) (trojan.rules)
2835731 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-04 3) (trojan.rules)
2835732 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835733 - ETPRO TROJAN Win32/Phorpiex CnC Checkin (trojan.rules)
2835734 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835735 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC) (trojan.rules)
[///] Modified active rules: [///]
2027143 - ET CURRENT_EVENTS MalDoc Request for Payload (TA505 Related) (current_events.rules)