Daily Ruleset Update Summary 2017/03/07

[***] Summary: [***]

43 new Pro. Phishing, Injects, Sage domains

Thanks: @malwrhunterteam Kevin Branch

[+++]          Added rules:          [+++]

Pro:

2825251 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
2825252 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Mar 07 2017 (current_events.rules)
2825253 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Mar 07 2017 (current_events.rules)
2825254 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Mar 07 2017 (current_events.rules)
2825255 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
2825256 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
2825257 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.AZ Checkin (mobile_malware.rules)
2825258 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
2825259 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
2825260 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
2825261 - ETPRO TROJAN Gootkit Domain in SNI (trojan.rules)
2825262 - ETPRO TROJAN DNS Query to Cerber Domain (1lcteo . top) (trojan.rules)
2825263 - ETPRO TROJAN DNS Query to Cerber Domain (195heb . top) (trojan.rules)
2825264 - ETPRO TROJAN DNS Query to Cerber Domain (1cvmb4 . top) (trojan.rules)
2825265 - ETPRO TROJAN DNS Query to Cerber Domain (1ps36s . top) (trojan.rules)
2825266 - ETPRO TROJAN DNS Query to Cerber Domain (13wm9b . top) (trojan.rules)
2825267 - ETPRO TROJAN DNS Query to Cerber Domain (12vpkc . top) (trojan.rules)
2825268 - ETPRO TROJAN DNS Query to Cerber Domain (12a63k . top) (trojan.rules)
2825269 - ETPRO TROJAN DNS Query to Cerber Domain (15oqwp . top) (trojan.rules)
2825270 - ETPRO TROJAN DNS Query to Cerber Domain (173w9w . top) (trojan.rules)
2825271 - ETPRO TROJAN DNS Query to Cerber Domain (1cw65b . top) (trojan.rules)
2825272 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Mar 07 2017 (current_events.rules)
2825273 - ETPRO TROJAN MSIL/Enjey Crypter Ransomware CnC Checkin (trojan.rules)
2825274 - ETPRO TROJAN MSIL.EngWUltimate Stealer Checkin (trojan.rules)
2825275 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-07 1) (trojan.rules)
2825276 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-07 2) (trojan.rules)
2825277 - ETPRO CURRENT_EVENTS Successful Apple Phish Mar 07 2017 (current_events.rules)
2825278 - ETPRO CURRENT_EVENTS Successful Nationwide Internet Banking Phish M1 Mar 07 2017 (current_events.rules)
2825279 - ETPRO CURRENT_EVENTS Successful Nationwide Internet Banking Phish M2 Mar 07 2017 (current_events.rules)
2825280 - ETPRO TROJAN DNS Query to Sage Domain (k5hjej9 . com) (trojan.rules)
2825281 - ETPRO TROJAN DNS Query to Sage Domain (io23zc . com) (trojan.rules)
2825282 - ETPRO TROJAN DNS Query to Sage Domain (p0alj2 . com) (trojan.rules)
2825283 - ETPRO TROJAN DNS Query to Sage Domain (2kzm0f . com) (trojan.rules)
2825284 - ETPRO TROJAN DNS Query to Sage Domain (3io74zx . com) (trojan.rules)
2825285 - ETPRO TROJAN DNS Query to Sage Domain (er29sl . in) (trojan.rules)
2825286 - ETPRO CURRENT_EVENTS Successful AXA Bank Europe Phish Mar 07 2017 (current_events.rules)
2825287 - ETPRO TROJAN DNS Query to Sage Domain (rzunt3u2 . com) (trojan.rules)
2825288 - ETPRO CURRENT_EVENTS Successful USC Phish Mar 07 2017 (current_events.rules)
2825289 - ETPRO CURRENT_EVENTS USC Phishing Landing Mar 07 2017 (current_events.rules)
2825290 - ETPRO TROJAN Tofu Backdoor Checkin (trojan.rules)
2825291 - ETPRO CURRENT_EVENTS Successful 163 Phish Mar 07 2017 (current_events.rules)
2825292 - ETPRO CURRENT_EVENTS Successful Western Union Phish Mar 07 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
2021252 - ET TROJAN TorrentLocker .onion Proxy Domain (zbqxpjfvltb6d62m) (trojan.rules)
2023476 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
2808510 - ETPRO TROJAN StoneDrill Wiper Checkin 2 (trojan.rules)
2812436 - ETPRO TROJAN TorrentLocker .onion Proxy Domain (4nzchpngrtdhn27u) (trojan.rules)
2812761 - ETPRO CURRENT_EVENTS Successful Blackboard Phish Aug 27 (current_events.rules)
2819866 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.CI Checkin (mobile_malware.rules)
2825118 - ETPRO CURRENT_EVENTS Possible Apple Phishing Landing Feb 24 2017 (current_events.rules)
2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
 

Date: Tuesday, March 7, 2017 - 00:00