Daily Ruleset Update Summary 2017/03/10

[***]            Summary:            [***]

2 new Open signatures, 20 new Pro (2 + 18). Druixey, Phonespy, Revenge RAT, Various Phishing

Thanks: @malwrhunterteam

[+++]          Added rules:          [+++]

2024043 - ET TROJAN Spora Ransomware SSL Certificate Detected (trojan.rules)
2024044 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 (web_specific_apps.rules)
2825345 - ETPRO CURRENT_EVENTS Successful iCloud Phish M1 Mar 10 2017 (current_events.rules)
2825346 - ETPRO CURRENT_EVENTS Successful iCloud Phish M2 Mar 10 2017 (current_events.rules)
2825347 - ETPRO CURRENT_EVENTS Successful iCloud Phish M3 Mar 10 2017 (current_events.rules)
2825348 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Mar 10 2017 (current_events.rules)
2825349 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Mar 10 2017 (current_events.rules)
2825350 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.PhoneSpy.b Checkin (mobile_malware.rules)
2825351 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.PhoneSpy.b Test Connection (mobile_malware.rules)
2825352 - ETPRO POLICY IP Check freegeoip.net DNS Lookup (policy.rules)
2825353 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
2825354 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
2825355 - ETPRO TROJAN MSIL/Revenge-RAT CnC Checkin M2 (trojan.rules)
2825356 - ETPRO TROJAN Bladabindi/njRat Variant CnC Checkin (CrezyMan) (trojan.rules)
2825357 - ETPRO TROJAN DroppingElephant MSIL/Druixey CnC Beacon 1 (trojan.rules)
2825358 - ETPRO TROJAN DroppingElephant MSIL/Druixey CnC Beacon 2 (trojan.rules)
2825359 - ETPRO TROJAN DroppingElephant MSIL/Druixey CnC Beacon 3 (trojan.rules)
2825360 - ETPRO TROJAN DroppingElephant MSIL/Lobac Document Stealer CnC Beacon 1 (trojan.rules)
2825361 - ETPRO TROJAN DroppingElephant MSIL/Lobac Document Stealer CnC Beacon 2 (trojan.rules)
2825362 - ETPRO TROJAN Bancos Variant CnC Beacon (trojan.rules)

[///]     Modified active rules:     [///]

2023612 - ET TROJAN Ransomware/Cerber Checkin M3 (1) (trojan.rules)
2023613 - ET TROJAN Ransomware/Cerber Checkin M3 (2) (trojan.rules)
2023614 - ET TROJAN Ransomware/Cerber Checkin M3 (3) (trojan.rules)
2023615 - ET TROJAN Ransomware/Cerber Checkin M3 (4) (trojan.rules)
2023616 - ET TROJAN Ransomware/Cerber Checkin M3 (5) (trojan.rules)
2023617 - ET TROJAN Ransomware/Cerber Checkin M3 (6) (trojan.rules)
2023618 - ET TROJAN Ransomware/Cerber Checkin M3 (7) (trojan.rules)
2023619 - ET TROJAN Ransomware/Cerber Checkin M3 (8) (trojan.rules)
2023620 - ET TROJAN Ransomware/Cerber Checkin M3 (9) (trojan.rules)
2023621 - ET TROJAN Ransomware/Cerber Checkin M3 (10) (trojan.rules)
2023622 - ET TROJAN Ransomware/Cerber Checkin M3 (11) (trojan.rules)
2023623 - ET TROJAN Ransomware/Cerber Checkin M3 (12) (trojan.rules)
2023624 - ET TROJAN Ransomware/Cerber Checkin M3 (13) (trojan.rules)
2023625 - ET TROJAN Ransomware/Cerber Checkin M3 (14) (trojan.rules)
2023626 - ET TROJAN Ransomware/Cerber Checkin M3 (15) (trojan.rules)
2023627 - ET TROJAN Ransomware/Cerber Checkin M3 (16) (trojan.rules)
2825179 - ETPRO TROJAN Carbanak PowerShell DNS TXT CnC Beacon 2 (trojan.rules)

[---]         Removed rules:         [---]

2807294 - ETPRO TROJAN Trojan/Cosmu.ldj Install (trojan.rules)
2825333 - ETPRO TROJAN Spora Ransomware SSL Certificate Detected (trojan.rules)
 

Date: Friday, March 10, 2017 - 00:00