Daily Ruleset Update Summary 2017/03/09

[***] Summary: [***]

3 new Open signatures, 35 new Pro (3 + 32). (?:Spora|PadCrypt|Satan|Vortex|TorrentLocker) Ransomware, WIFICAM Camera vulns.

Thanks: @malware_traffic.

[+++]          Added rules:          [+++]

Open:

2024040 - ET CURRENT_EVENTS EITest SocEng Fake Font DL March 09 2017 (current_events.rules)
2024041 - ET TROJAN Spora Ransomware Checkin (trojan.rules)
2024042 - ET CURRENT_EVENTS Fake Virus Phone Scam Landing Mar 09 2017 (current_events.rules)

Pro:

2822915 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 26 (current_events.rules)
2825314 - ETPRO CURRENT_EVENTS Successful Office 365 Encrypted Mail Phish Mar 09 2017 (current_events.rules)
2825315 - ETPRO CURRENT_EVENTS Successful Generic Email Revalidation Phish M1 Mar 09 2017 (current_events.rules)
2825316 - ETPRO CURRENT_EVENTS Successful Generic Email Revalidation Phish M2 Mar 09 2017 (current_events.rules)
2825317 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish Mar 09 2017 (current_events.rules)
2825318 - ETPRO CURRENT_EVENTS Successful Google Docs Phish Mar 09 2017 (current_events.rules)
2825319 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.N CnC Beacon (mobile_malware.rules)
2825320 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Cova.d Checkin (mobile_malware.rules)
2825321 - ETPRO TROJAN PadCrypt Ransomware CnC Checkin 5 (trojan.rules)
2825322 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2825323 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2825324 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2825325 - ETPRO TROJAN Satan Ransomware Domain (onion . pw) (trojan.rules)
2825326 - ETPRO TROJAN DNS Query to TorrentLocker Domain (frontmain . pl) (trojan.rules)
2825327 - ETPRO TROJAN DNS Query to TorrentLocker Domain (joygo . pl) (trojan.rules)
2825328 - ETPRO TROJAN DNS Query to TorrentLocker Domain (questpul . pl) (trojan.rules)
2825329 - ETPRO TROJAN DNS Query to TorrentLocker Domain (homewind . pl) (trojan.rules)
2825330 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
2825331 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.FS CnC Beacon (mobile_malware.rules)
2825332 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
2825333 - ETPRO TROJAN Spora Ransomware SSL Certificate Detected (trojan.rules)
2825334 - ETPRO TROJAN MSIL/njRAT/Bladabindi CnC Checkin (Sudden Attack) (trojan.rules)
2825335 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.BH Checkin (mobile_malware.rules)
2825336 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.AN CnC Beacon (mobile_malware.rules)
2825337 - ETPRO TROJAN Vortex Ransomware CnC Checkin (trojan.rules)
2825338 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Mar 09 2017 (current_events.rules)
2825339 - ETPRO TROJAN Downloader/Stengol CnC Beacon (trojan.rules)
2825340 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Mar 09 2017 (current_events.rules)
2825341 - ETPRO TROJAN Bancos Variant CnC Beacon (trojan.rules)
2825342 - ETPRO EXPLOIT WIFICAM Cameras Authenticated set_ftp.cgi Command Injection Attempt (exploit.rules)
2825343 - ETPRO EXPLOIT WIFICAM Cameras .ini Unauthenticated Access Attempt (exploit.rules)
2825344 - ETPRO CURRENT_EVENTS Successful iCloud Payment Verification Phish Mar 09 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2018630 - ET MOBILE_MALWARE Android/Comll.Banker RAT CnC Beacon (mobile_malware.rules)
2820920 - ETPRO INFO Data Submitted to ukit domain - Possible Phishing M1 (info.rules)
2820921 - ETPRO INFO Data Submitted to ukit domain - Possible Phishing M2 (info.rules)
2822666 - ETPRO CURRENT_EVENTS Successful Visa Online Phish Oct 17 2016 (current_events.rules)
2824777 - ETPRO CURRENT_EVENTS EITest SocEng Chrome Fonts DL Feb 06 M1 (current_events.rules)
2825096 - ETPRO TROJAN Bladabindi/njRAT Variant CnC Checkin (Mr.motaz) (trojan.rules)
2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
 

Date: Thursday, March 9, 2017 - 00:00