[***]            Summary:            [***]

21 new OPEN, 50 new PRO (21 + 29).  HPDM Backdoor, SLOTHFULMEDIA RAT, XDSpy, MPD, and VARIOUS PHISHING, CoinMiners and Webshells.

Thanks: @nickstadb, @travisbgreen, @Garfield, @MsRebeccaBlack.

TIIF

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030941 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2030942 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised
Server (web_client.rules)
  2030943 - ET CURRENT_EVENTS Mailgun Phishing Landing
(current_events.rules)
  2030944 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2030945 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised
Server (web_client.rules)
  2030946 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2030947 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised
Server (web_client.rules)
  2030948 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2030949 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised
Server (web_client.rules)
  2030950 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2030951 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised
Server (web_client.rules)
  2030952 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised
Server (web_server.rules)
  2030953 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised
Server (web_client.rules)
  2030954 - ET TROJAN XDMonitor Sending Debug Messages (trojan.rules)
  2030955 - ET TROJAN XDUpload Uploading Directory Listting (trojan.rules)
  2030956 - ET TROJAN XDUpload Uploading Files (trojan.rules)
  2030957 - ET TROJAN XDUpload Sending File Upload Progress (trojan.rules)
  2030958 - ET TROJAN XDUpload Sending Screenshot Upload Progress
(trojan.rules)
  2030959 - ET TROJAN XDMonitor Checkin Activity (trojan.rules)
  2030960 - ET TROJAN SLOTHFULMEDIA RAT CnC (POST) (trojan.rules)
  2030961 - ET EXPLOIT [401TRG] HPDM Backdoor Login (exploit.rules)

Pro:

  2844729 - ETPRO TROJAN Observed Malicious SSL Cert (EvolvedThief CnC)
(trojan.rules)
  2844730 - ETPRO TROJAN MalDoc Retrieving Payload 2020-10-02 (trojan.rules)
  2844731 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-02 1) (trojan.rules)
  2844732 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-02 2) (trojan.rules)
  2844733 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-02 3) (trojan.rules)
  2844734 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-10-02
(current_events.rules)
  2844735 - ETPRO CURRENT_EVENTS Successful Poste Italiane Phish 2020-10-02
(current_events.rules)
  2844736 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2020-10-02
(current_events.rules)
  2844737 - ETPRO CURRENT_EVENTS Successful Banco Intesa SanPaolo Phish
2020-10-02 (current_events.rules)
  2844738 - ETPRO CURRENT_EVENTS Successful Godaddy Webmail Phish 2020-10-02
(current_events.rules)
  2844739 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-10-02 (current_events.rules)
  2844740 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-10-02 (current_events.rules)
  2844741 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-10-02 (current_events.rules)
  2844742 - ETPRO CURRENT_EVENTS Possible Successful Barclays Bank Phish
2020-10-02 (current_events.rules)
  2844743 - ETPRO CURRENT_EVENTS Possible Successful Halifax Bank Phish
2020-10-02 (current_events.rules)
  2844744 - ETPRO CURRENT_EVENTS Possible Successful HSBC UK Bank Phish
2020-10-02 (current_events.rules)
  2844745 - ETPRO CURRENT_EVENTS Possible Successful Nationwide UK Bank
Phish 2020-10-02 (current_events.rules)
  2844746 - ETPRO CURRENT_EVENTS Possible Successful TSB UK Bank Phish
2020-10-02 (current_events.rules)
  2844747 - ETPRO CURRENT_EVENTS Possible Successful Natwest Bank Phish
2020-10-02 (current_events.rules)
  2844748 - ETPRO CURRENT_EVENTS Possible Successful RBS Digital Bank Phish
2020-10-02 (current_events.rules)
  2844749 - ETPRO CURRENT_EVENTS Possible Successful Tesco Bank Phish
2020-10-02 (current_events.rules)
  2844750 - ETPRO CURRENT_EVENTS Successful Mailgun Phish 2020-10-02
(current_events.rules)
  2844751 - ETPRO TROJAN MPD CnC Host Checkin (trojan.rules)
  2844752 - ETPRO TROJAN MPD CnC Client Status Activity (trojan.rules)
  2844753 - ETPRO MALWARE Patch My PC Activity (malware.rules)
  2844754 - ETPRO USER_AGENTS Patch My PC UA (user_agents.rules)
  2844755 - ETPRO USER_AGENTS Patch My PC UA (user_agents.rules)
  2844756 - ETPRO TROJAN Win32/Remcos RAT Checkin 550 (trojan.rules)
  2844757 - ETPRO TROJAN Malicious SSL Certificate detected (AZORult CnC)
(trojan.rules)

[///]     Modified active rules:     [///]

  2017821 - ET WEB_SERVER IIS ISN BackDoor Command Delete Log
(web_server.rules)
  2017822 - ET WEB_SERVER IIS ISN BackDoor Command Get Logpath
(web_server.rules)
  2018402 - ET CURRENT_EVENTS DRIVEBY Possible Goon/Infinity/Magnitude EK
SilverLight Exploit (current_events.rules)
  2021162 - ET POLICY External IP Lookup - ip2location.com (policy.rules)
  2021184 - ET TROJAN APT Backspace CnC Beacon (trojan.rules)
  2021188 - ET TROJAN KeyBase Keylogger Checkin (trojan.rules)
  2021213 - ET TROJAN Win32/Zacom.A CnC Beacon 1 (trojan.rules)
  2021250 - ET POLICY Possible External IP Lookup ip.webmasterhome.cn
(policy.rules)
  2021261 - ET TROJAN Win32/Chinad Retrieving Config (trojan.rules)
  2021274 - ET TROJAN Backdoor.Elise CnC Beacon 1 M1 (trojan.rules)
  2021292 - ET CURRENT_EVENTS KaiXin Secondary Landing Page
(current_events.rules)
  2021371 - ET POLICY Possible External IP Lookup www.whatsmyip.us
(policy.rules)
  2021386 - ET MOBILE_MALWARE Android BatteryBotPro Checkin
(mobile_malware.rules)
  2021387 - ET MOBILE_MALWARE Android BatteryBotPro Checkin 2
(mobile_malware.rules)
  2021399 - ET TROJAN Matsnu Checkin (trojan.rules)
  2021403 - ET TROJAN W32/Banload.VZS Banker POST CnC Beacon 1
(trojan.rules)
  2021408 - ET EXPLOIT AirLive RCI HTTP Request (exploit.rules)
  2021414 - ET CURRENT_EVENTS Suspicious SWF filename movie(dot)swf in doc
root (current_events.rules)
  2021520 - ET TROJAN KINS/ZeusVM Variant CnC Beacon (trojan.rules)
  2021532 - ET TROJAN W2KM_BARTALEX Downloading Payload M2 (trojan.rules)
  2021550 - ET POLICY External IP Lookup trackip.net (policy.rules)
  2021552 - ET CURRENT_EVENTS Possible Malicious Redirect 8x8 script tag URI
struct (current_events.rules)
  2021570 - ET TROJAN Sakula/Mivast RAT CnC Beacon 7 (trojan.rules)
  2021608 - ET TROJAN Win32.Androm.gnlb Checkin (trojan.rules)
  2025089 - ET TROJAN Vawtrak/NeverQuest CnC Beacon (trojan.rules)
  2806808 - ETPRO MOBILE_MALWARE AndroidOS/GingerMaster.B
(mobile_malware.rules)
  2807010 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.u Checkin 2
(mobile_malware.rules)
  2807306 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fc Checkin
(mobile_malware.rules)
  2808003 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Uten.b Checkin
(mobile_malware.rules)
  2808885 - ETPRO MOBILE_MALWARE AndroidOS/GGTracker.A Checkin 3
(mobile_malware.rules)
  2809387 - ETPRO TROJAN Win32/PSW.Papras.DS Checkin (trojan.rules)
  2809459 - ETPRO MOBILE_MALWARE Android/Adware.AirPush.J Checkin
(mobile_malware.rules)
  2809584 - ETPRO MOBILE_MALWARE Android.Trojan.Banker.Z Checkin
(mobile_malware.rules)
  2810137 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.FS Checkin
(mobile_malware.rules)
  2810174 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.sx Checkin
(mobile_malware.rules)
  2810889 - ETPRO TROJAN DiamondFox Retrieving Modules (trojan.rules)
  2810890 - ETPRO TROJAN DiamondFox HTTP POST CnC Beacon (trojan.rules)
  2811155 - ETPRO MOBILE_MALWARE Trojan.Android.Clicker.M Checkin
(mobile_malware.rules)
  2811224 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.dw Checkin 2
(mobile_malware.rules)
  2811226 - ETPRO EXPLOIT Synology DiskStation Manager XSS Attempt
(exploit.rules)
  2811245 - ETPRO TROJAN Papras Variant CnC (trojan.rules)
  2811324 - ETPRO TROJAN TrojanProxy.Mediana.q Proxy CnC Online Checkin
(trojan.rules)
  2811336 - ETPRO TROJAN KeyBase Keylogger Reporting Keystrokes
(trojan.rules)
  2811365 - ETPRO TROJAN KeyBase Keylogger Reporting Passwords
(trojan.rules)
  2811371 - ETPRO TROJAN Ransom.Win32.Simlosap/Cryakl Checkin (trojan.rules)
  2811386 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Smaps.a Checkin
(mobile_malware.rules)
  2811420 - ETPRO MOBILE_MALWARE Android-PUP/SmsReg.dd57 Checkin
(mobile_malware.rules)
  2811427 - ETPRO TROJAN Win32/Spy.Banker.ACDS CnC Beacon (trojan.rules)
  2811430 - ETPRO WEB_SPECIFIC_APPS Joomla EQ Event Calendar SQLi Attempt
(web_specific_apps.rules)
  2811462 - ETPRO TROJAN MSIL/TrojanClicker.Agent.NKC CnC Beacon
(trojan.rules)
  2811477 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fe Checkin
(mobile_malware.rules)
  2811487 - ETPRO TROJAN Alphacrypt CnC Beacon (trojan.rules)
  2811501 - ETPRO TROJAN Possible MSIL/Habbo.A Downloading Modules
(trojan.rules)
  2811576 - ETPRO TROJAN Win32/Agent.QGB CnC Beacon (trojan.rules)
  2811581 - ETPRO TROJAN Kryptik.EAU/FakeScanti Malformed Checkin
(trojan.rules)
  2811591 - ETPRO MOBILE_MALWARE Adware.AndroidOS.AirPush.a Checkin 3
(mobile_malware.rules)
  2811632 - ETPRO MOBILE_MALWARE Android/AdDisplay.Youmi.H Checkin
(mobile_malware.rules)
  2811634 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.de Checkin
(mobile_malware.rules)
  2811712 - ETPRO TROJAN Banload Variant Checkin (trojan.rules)
  2811735 - ETPRO EXPLOIT Huawei Home Gateway Password Disclosure/Change
(exploit.rules)
  2811736 - ETPRO TROJAN Fobber Checkin (trojan.rules)
  2811739 - ETPRO MOBILE_MALWARE Android/Qysly.A Checkin
(mobile_malware.rules)
  2811741 - ETPRO MOBILE_MALWARE Android/SMSreg.KU Checkin 3
(mobile_malware.rules)
  2811750 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.ep Checkin 3
(mobile_malware.rules)
  2811788 - ETPRO WEB_SPECIFIC_APPS ipTIME firmware < 9.58 RCE
(web_specific_apps.rules)
  2811803 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.ms Checkin
(mobile_malware.rules)
  2811815 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dowgin.AC Checkin
(mobile_malware.rules)
  2811816 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.HX Checkin
(mobile_malware.rules)
  2811817 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Sopes.a Checkin
(mobile_malware.rules)
  2811825 - ETPRO WEB_SPECIFIC_APPS WP Albo Pretorio Plugin 3.2 SQLi Attempt
(web_specific_apps.rules)
  2811858 - ETPRO MOBILE_MALWARE Android.Trojan.Banker.AP Checkin
(mobile_malware.rules)
  2811885 - ETPRO TROJAN Unknown APT Downloader retrieving payload
(trojan.rules)
  2811897 - ETPRO TROJAN Unknown Downloader observed dling APT malware
(trojan.rules)
  2811901 - ETPRO TROJAN Chthonic CnC Beacon 8 (trojan.rules)
  2811930 - ETPRO TROJAN Likely Dyre Downloading Additional Payload
(trojan.rules)
  2811969 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FD Checkin
(mobile_malware.rules)
  2811972 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Uranico.a Checkin
(mobile_malware.rules)
  2811975 - ETPRO TROJAN Xtrat/xRAT CnC Beacon (trojan.rules)
  2811980 - ETPRO TROJAN Python/Searcher CnC Beacon (trojan.rules)
  2811981 - ETPRO MOBILE_MALWARE Android/AdDisplay.Fictus.B Checkin
(mobile_malware.rules)
  2811982 - ETPRO TROJAN Python/Liberpy.A CnC Beacon (trojan.rules)
  2811996 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.aj Checkin 2
(mobile_malware.rules)
  2811997 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.aj Checkin 3
(mobile_malware.rules)
  2812019 - ETPRO TROJAN Python.a Checkin 2 (trojan.rules)
  2812022 - ETPRO TROJAN Python/Agent.G CnC Beacon (trojan.rules)
  2812026 - ETPRO MOBILE_MALWARE Android.Trojan.Ansupv.B Checkin
(mobile_malware.rules)
  2812038 - ETPRO TROJAN Win32/Parite Variant Checkin (trojan.rules)
  2812046 - ETPRO TROJAN AlphaCrypt CnC Beacon 2 (trojan.rules)
  2812069 - ETPRO WEB_SPECIFIC_APPS Possible LFI/LFD Joomla
configuration.php Filename in URL (web_specific_apps.rules)
  2812070 - ETPRO WEB_SPECIFIC_APPS Possible LFI/LFD Joomla
configuration.php Filename in URL (web_specific_apps.rules)
  2812071 - ETPRO WEB_SPECIFIC_APPS Possible LFI/LFD Joomla
configuration.php Filename in URL (web_specific_apps.rules)
  2812079 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.BQ Checkin
(mobile_malware.rules)
  2812084 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Celular.a Checkin
(mobile_malware.rules)
  2812085 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Celular.a Checkin 2
(mobile_malware.rules)
  2812154 - ETPRO TROJAN MSIL/Grelog.A Checkin (trojan.rules)
  2812159 - ETPRO MOBILE_MALWARE Android/AdDisplay.Fictus.B Checkin 2
(mobile_malware.rules)
  2812202 - ETPRO MOBILE_MALWARE Android/TrojanSMS.FakeInst.GK Checkin
(mobile_malware.rules)
  2812228 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Checkin
(mobile_malware.rules)
  2812271 - ETPRO MOBILE_MALWARE Android/Agent.LG Checkin
(mobile_malware.rules)
  2812288 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.NqShield.a Checkin
(mobile_malware.rules)
  2812289 - ETPRO MOBILE_MALWARE Android/SMForw.DC Checkin
(mobile_malware.rules)
  2812305 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.hb Checkin
(mobile_malware.rules)
  2812312 - ETPRO TROJAN Win32/Backdoor.Androm.hojp Activity (trojan.rules)
  2812330 - ETPRO MOBILE_MALWARE Android/AdDisplay.Izp.B Checkin
(mobile_malware.rules)
  2812399 - ETPRO TROJAN Infostealer.Banker.C CnC Beacon (trojan.rules)
  2812427 - ETPRO MOBILE_MALWARE Android/Agent.FC Checkin
(mobile_malware.rules)
  2812435 - ETPRO CURRENT_EVENTS Suspicious Pastebin Base64 Encoded Response
(current_events.rules)
  2812476 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.e Checkin 2
(mobile_malware.rules)
  2812478 - ETPRO WEB_CLIENT Possible CoreImpact Client Java Exploit In
Progress (Pens Being Tested or Possible RocketKitten) M1 (web_client.rules)
  2812479 - ETPRO WEB_CLIENT Possible CoreImpact Client Java Exploit In
Progress (Pens Being Tested or Possible RocketKitten) M2 (web_client.rules)
  2812490 - ETPRO MOBILE_MALWARE Android/Monitor.Beycont.A Checkin
(mobile_malware.rules)
  2812513 - ETPRO TROJAN Win32/Blakamba Checkin (trojan.rules)
  2812521 - ETPRO TROJAN Ursnif Retrieving US Constitution for DGA
(trojan.rules)
  2812526 - ETPRO TROJAN PlugX CnC Beacon (trojan.rules)
  2812545 - ETPRO MOBILE_MALWARE Android/Fadeb.K Checkin
(mobile_malware.rules)
  2812620 - ETPRO TROJAN Ixeshe GIF CnC Beacon (trojan.rules)
  2812621 - ETPRO TROJAN Win32/Ixeshe HTTP CnC Beacon (trojan.rules)
  2812632 - ETPRO MOBILE_MALWARE Android/JSmsHider.P Checkin
(mobile_malware.rules)
  2812635 - ETPRO TROJAN OnionDuke CnC Beacon 1 (trojan.rules)
  2812636 - ETPRO TROJAN OnionDuke CnC Beacon 2 (trojan.rules)
  2812637 - ETPRO TROJAN OnionDuke CnC Beacon 3 (trojan.rules)
  2812638 - ETPRO TROJAN OnionDuke CnC Beacon 4 (trojan.rules)
  2812639 - ETPRO TROJAN OnionDuke CnC Beacon 5 (trojan.rules)
  2812653 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.JQ Checkin
(mobile_malware.rules)
  2812664 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Kcuf.a Checkin
(mobile_malware.rules)

[---]  Disabled and modified rules:  [---]

  2021214 - ET TROJAN Win32/Zacom.A CnC Beacon 2 (trojan.rules)
  2021284 - ET TROJAN W2KM_BARTALEX Downloading Payload (trojan.rules)
  2021300 - ET TROJAN Downloader.Win32.Adload (KaiXin Payload) Checkin
(trojan.rules)
  2021352 - ET TROJAN ELF.DES.Downloader Request (trojan.rules)
  2021376 - ET TROJAN UpDocX Checkin (trojan.rules)
  2021377 - ET TROJAN UpDocX Download (trojan.rules)
  2021392 - ET MOBILE_MALWARE Android Gunpoder Checkin
(mobile_malware.rules)
  2021501 - ET TROJAN Jiripbot CnC 1 (trojan.rules)
  2021502 - ET TROJAN Jiripbot CnC 2 (trojan.rules)
  2021617 - ET MOBILE_MALWARE Android.Trojan.SLocker.DZ Checkin 2
(mobile_malware.rules)
  2807311 - ETPRO TROJAN Variant.Kazy.277370 Checkin (trojan.rules)
  2809580 - ETPRO TROJAN Python.a Checkin (trojan.rules)
  2811248 - ETPRO TROJAN Naikon CnC Beacon (trojan.rules)
  2811250 - ETPRO MOBILE_MALWARE Android/SMForw.AC Checkin
(mobile_malware.rules)
  2811339 - ETPRO TROJAN WIN32/Msposer.A Checkin (trojan.rules)
  2811340 - ETPRO TROJAN WIN32/Msposer.A External IP Check (trojan.rules)
  2811342 - ETPRO TROJAN WIN32/Msposer.A Checkin 2 (trojan.rules)
  2811368 - ETPRO MOBILE_MALWARE Android SmsSample Checkin
(mobile_malware.rules)
  2811369 - ETPRO MOBILE_MALWARE Android SmsSample Checkin 2
(mobile_malware.rules)
  2811370 - ETPRO MOBILE_MALWARE Android SmsSample Checkin 3
(mobile_malware.rules)
  2811467 - ETPRO TROJAN Spy.Win32.Agent.cvty Checkin (trojan.rules)
  2811509 - ETPRO MOBILE_MALWARE Andr/VietSMS-E Checkin
(mobile_malware.rules)
  2811605 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Mseg.a Checkin 2
(mobile_malware.rules)
  2811669 - ETPRO TROJAN Win32/Autoit.BNH Checkin (trojan.rules)
  2811689 - ETPRO MOBILE_MALWARE Android.Bossefiv Checkin
(mobile_malware.rules)
  2811691 - ETPRO MOBILE_MALWARE Android/Spy.Zitmo.B Checkin 5
(mobile_malware.rules)
  2811777 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.hapm Checkin
(trojan.rules)
  2811874 - ETPRO TROJAN Win32/Startpage.WR CnC Checkin 2 (trojan.rules)
  2811934 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.BAJ Checkin
(mobile_malware.rules)
  2811983 - ETPRO MOBILE_MALWARE Android/Niynuy.A Checkin
(mobile_malware.rules)
  2812018 - ETPRO TROJAN Python/MTK CnC Beacon (trojan.rules)
  2812021 - ETPRO TROJAN Python/FBook.B Retrieving PE (trojan.rules)
  2812035 - ETPRO TROJAN Derusbi CnC Beacon 2 (trojan.rules)
  2812072 - ETPRO TROJAN Unknown Trojan Dropped by Win32/Inexsmar.A Checkin
(trojan.rules)
  2812074 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.DD Checkin
(mobile_malware.rules)
  2812078 - ETPRO MOBILE_MALWARE Android/Agent.GX Checkin
(mobile_malware.rules)
  2812131 - ETPRO MOBILE_MALWARE Android PUP Wodsha-E Checkin 2
(mobile_malware.rules)
  2812136 - ETPRO MOBILE_MALWARE Android/Clicker.M Download
(mobile_malware.rules)
  2812179 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmThief.eq Checkin
(mobile_malware.rules)
  2812207 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.DN Checkin
(mobile_malware.rules)
  2812319 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.BDN Checkin
(mobile_malware.rules)
  2812329 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Honli.a Checkin 2
(mobile_malware.rules)
  2812336 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.CD Checkin
(mobile_malware.rules)
  2812346 - ETPRO MOBILE_MALWARE Android.Trojan.Vdloader.C Checkin
(mobile_malware.rules)
  2812393 - ETPRO TROJAN Win32/Inexsmar CnC Beacon (trojan.rules)
  2812455 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AOR Checkin
(mobile_malware.rules)
  2812470 - ETPRO TROJAN Trojan.Win32.Ponmocup Variant Checkin
(trojan.rules)
  2812538 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.a Checkin
(mobile_malware.rules)
  2812539 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.a Download
(mobile_malware.rules)
  2812623 - ETPRO TROJAN Etumbot HTTP CnC Beacon (trojan.rules)
