[***]            Summary:            [***]

7 new Open, 15 new Pro (7 + 8).  LaZagne Artifact, BKDR_HTV.ZKGD-A, Various SSL.

[+++]          Added rules:          [+++]

Open:

2027150 - ET TROJAN ELF.Initdz.Coinminer C2 Systeminfo (D2) (trojan.rules)
2027151 - ET ATTACK_RESPONSE LaZagne Artifact Outbound in FTP (attack_response.rules)
2027152 - ET POLICY Outbound SMTP NTLM Authentication Observed (policy.rules)
2027153 - ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound (exploit.rules)
2027154 - ET MOBILE_MALWARE Android/BasBanke CnC Checkin (mobile_malware.rules)
2027155 - ET TROJAN AHK/BKDR_HTV.ZKGD-A CnC Checkin (trojan.rules)
2027156 - ET TROJAN AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound (trojan.rules)

Pro:

2835728 - ETPRO TROJAN W32.LocNa Checkin (trojan.rules)
2835729 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-04 1) (trojan.rules)
2835730 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-04 2) (trojan.rules)
2835731 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-04 3) (trojan.rules)
2835732 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835733 - ETPRO TROJAN Win32/Phorpiex CnC Checkin (trojan.rules)
2835734 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835735 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2027143 - ET CURRENT_EVENTS MalDoc Request for Payload (TA505 Related) (current_events.rules)

Date: Wednesday, April 3, 2019 - 22:00