[***]            Summary:            [***]

6 new Open, 20 new Pro (6 + 14). Metamorpho, Winnti, Azden.A, TScope, BlackTech Plead

[+++]          Added rules:          [+++]

Open:

2027359 - ET USER_AGENTS AppControls.com User-Agent (user_agents.rules)
2027360 - ET INFO AutoIt User-Agent Downloading ZIP (info.rules)
2027361 - ET TROJAN Winnti Payload - XORed Check-in to Infected System (0xd4413890) (trojan.rules)
2027362 - ET TROJAN BlackTech Plead CnC in DNS Lookup (trojan.rules)
2027363 - ET TROJAN BlackTech Plead CnC in DNS Lookup (trojan.rules)
2027364 - ET TROJAN BlackTech Plead Fake Favicon (trojan.rules)

Pro:

2836359 - ETPRO POLICY Win32/ShowMyPC RDP Session Init (policy.rules)
2836360 - ETPRO TROJAN MSIL.Azden.A Stealer Checkin (trojan.rules)
2836361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-17 1) (trojan.rules)
2836362 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-17 2) (trojan.rules)
2836363 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-17 3) (trojan.rules)
2836364 - ETPRO TROJAN Win32/Codesoft PWS Exfil via SMTP (trojan.rules)
2836365 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-05-17) (current_events.rules)
2836366 - ETPRO TROJAN MSIL.TScope Checkin 4 (trojan.rules)
2836367 - ETPRO TROJAN MSIL.TScope Checkin 5 (trojan.rules)
2836368 - ETPRO TROJAN MSIL.TScope Checkin 6 (trojan.rules)
2836369 - ETPRO TROJAN Win64/Agent.OF Variant CnC Report Checkin (trojan.rules)
2836370 - ETPRO TROJAN MSIL/Spy.Agent.BXY Variant CnC Checkin (trojan.rules)
2836371 - ETPRO TROJAN Metamorpho Variant CnC Activity (trojan.rules)

Date: Thursday, May 16, 2019 - 22:00