Daily Ruleset Update Summary 2017/03/28

[***]            Summary:            [***]

3 new Open, 30 new Pro (3 + 27). Theresa Ransomware, CVE-2017-7269, Various Phishing, Various Android

Thanks: @jonny55555

[+++]          Added rules:          [+++]

Open:

2024105 - ET POLICY Win32/Teslacrypt Ransomware .onion domain (2kjb7.net) (policy.rules)
2024106 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (7tno4hib47vlep5o) (trojan.rules)
2024107 - ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) (web_server.rules)

Pro:

2825629 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish Mar 27 2017 (current_events.rules)
2825630 - ETPRO CURRENT_EVENTS RBC Royal Bank Phishing Landing Mar 27 2017 (current_events.rules)
2825631 - ETPRO TROJAN HAKOPS Keylogger SMTP Infection Report (trojan.rules)
2825632 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Mar 27 2017 (current_events.rules)
2825633 - ETPRO MOBILE_MALWARE PUP Android/Cooee.B Checkin (mobile_malware.rules)
2825634 - ETPRO MOBILE_MALWARE PUP Android/Cooee.B Checkin 2 (mobile_malware.rules)
2825635 - ETPRO MOBILE_MALWARE Android.Trojan.Fotemain.B CnC Beacon (mobile_malware.rules)
2825636 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.g SMS Exfil (mobile_malware.rules)
2825641 - ETPRO MOBILE_MALWARE Android/SmForw.J CnC Beacon (mobile_malware.rules)
2825642 - ETPRO MOBILE_MALWARE Android/SmForw.J Contact Exfil (mobile_malware.rules)
2825643 - ETPRO MOBILE_MALWARE Android.Riskware.SMSSend.B Checkin (mobile_malware.rules)
2825644 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Mar 28 2017 (current_events.rules)
2825645 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing Mar 28 2017 (current_events.rules)
2825646 - ETPRO TROJAN Theresa Ransomware Initial CnC Checkin (trojan.rules)
2825647 - ETPRO TROJAN Theresa Ransomware Initial CnC Checkin Response (trojan.rules)
2825648 - ETPRO TROJAN Theresa Ransomware CnC File Encryption Status (trojan.rules)
2825649 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.fi) (policy.rules)
2825650 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy Domain - Clone (trojan.rules)
2825651 - ETPRO TROJAN Win32/Remcos RAT Checkin 3 (trojan.rules)
2825652 - ETPRO POLICY External IP Lookup ipapi.co (policy.rules)
2825653 - ETPRO POLICY External IP Lookup ipof.in (policy.rules)
2825654 - ETPRO TROJAN MSIL/Unknown CnC Checkin via MSSQL 1 (trojan.rules)
2825655 - ETPRO TROJAN MSIL/Unknown CnC Checkin via MSSQL 2 (trojan.rules)
2825656 - ETPRO TROJAN W32.Gotrat.de Checkin 2 (trojan.rules)
2825657 - ETPRO TROJAN W32.Gotrat.de Checkin (trojan.rules)
2825658 - ETPRO TROJAN Unknown KeyLogger CnC Checkin (trojan.rules)
2825659 - ETPRO TROJAN Unknown KeyLogger CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2001891 - ET USER_AGENTS Suspicious User Agent (agent) (user_agents.rules)
2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
2018876 - ET POLICY  DNS Query to .onion proxy Domain (onion.cab) (policy.rules)
2020839 - ET POLICY Win32/Teslacrypt Ransomware .onion domain (63ghdye17.com) (policy.rules)
2020844 - ET POLICY Win32/Teslacrypt Ransomware .onion domain (7hwr34n18.com) (policy.rules)
2020869 - ET POLICY Win32/Teslacrypt Ransomware .onion domain (wh47f2as19.com) (policy.rules)
2021293 - ET CURRENT_EVENTS KaiXin Secondary Landing Page (current_events.rules)
2807390 - ETPRO TROJAN Trojan.Dimnie Checkin 2 (trojan.rules)
2807391 - ETPRO TROJAN Trojan.Dimnie Checkin (trojan.rules)
2824134 - ETPRO CURRENT_EVENTS Successful Generic Phish (Meta HTTP-Equiv Refresh) Dec 29 2016 (current_events.rules)
2825226 - ETPRO TROJAN Helminth/Oilrig CnC Beacon 2 (trojan.rules)

[---]         Removed rules:         [---]

2809702 - ETPRO TROJAN Win32/Teslacrypt Ransomware .onion domain (7tno4hib47vlep5o) (trojan.rules)
2809867 - ETPRO POLICY DNS Query to .onion proxy Domain (2kjb7.net) (policy.rules)
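The listing above is the plain-text format these daily summaries use, and two things in it are worth checking mechanically rather than by eye: whether the counts in the summary line match the rules actually listed, and which removed ETPRO rules reappear as Open rules carrying the same indicator (here 2kjb7.net and 7tno4hib47vlep5o, i.e. detections moving from the Pro to the Open set). The following parser is an added example, not code from Emerging Threats; it runs over a constructed, trimmed copy of this summary whose count line was adjusted to match the shortened lists, and the record field names (sid, prefix, category, msg, file, section, tier) are chosen here.

```python
"""Parse an Emerging Threats daily ruleset summary and sanity-check it.

Added example, not Emerging Threats code. Format handled: a count line under
"[***] Summary", an "Added rules" block split into Open:/Pro: lists, then
"Modified active rules" and "Removed rules"; each rule line reads
    <sid> - <ET|ETPRO> <CATEGORY> <msg> (<file>.rules)
"""
import re
from typing import Dict, List, Optional

# Constructed sample: a trimmed copy of the 2017/03/28 summary, with the count
# line changed to "3 new Open, 5 new Pro (3 + 2)" to match the short lists.
SAMPLE = """\
Daily Ruleset Update Summary 2017/03/28
[***]            Summary:            [***]
3 new Open, 5 new Pro (3 + 2). Theresa Ransomware, CVE-2017-7269
[+++]          Added rules:          [+++]
Open:
2024105 - ET POLICY Win32/Teslacrypt Ransomware .onion domain (2kjb7.net) (policy.rules)
2024106 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (7tno4hib47vlep5o) (trojan.rules)
2024107 - ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) (web_server.rules)
Pro:
2825646 - ETPRO TROJAN Theresa Ransomware Initial CnC Checkin (trojan.rules)
2825649 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.fi) (policy.rules)
[///]     Modified active rules:     [///]
2018876 - ET POLICY  DNS Query to .onion proxy Domain (onion.cab) (policy.rules)
[---]         Removed rules:         [---]
2809702 - ETPRO TROJAN Win32/Teslacrypt Ransomware .onion domain (7tno4hib47vlep5o) (trojan.rules)
2809867 - ETPRO POLICY DNS Query to .onion proxy Domain (2kjb7.net) (policy.rules)
"""

RULE_RE = re.compile(
    r"^(?P<sid>\d+) - (?P<prefix>ET|ETPRO)\s+(?P<category>[A-Z_]+)\s+"
    r"(?P<msg>.*?)\s+\((?P<file>[\w.]+\.rules)\)$"
)
SECTION_RE = re.compile(r"^\[(?P<mark>\*\*\*|\+\+\+|///|---)\]\s+[^:]+:")
SECTION_NAMES = {"***": "summary", "+++": "added", "///": "modified", "---": "removed"}
COUNT_RE = re.compile(r"^(\d+) new Open, (\d+) new Pro \((\d+) \+ (\d+)\)")
INDICATOR_RE = re.compile(r"\(([^()]+)\)$")  # trailing (...) of a msg, e.g. (2kjb7.net)


def parse_summary(text: str) -> Dict[str, object]:
    """Return {"counts": dict or None, "rules": [record, ...]}."""
    section = tier = None
    counts: Optional[Dict[str, int]] = None
    rules: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, tier = SECTION_NAMES[m.group("mark")], None
            continue
        if line in ("Open:", "Pro:"):
            tier = line[:-1].lower()
            continue
        if section == "summary":
            m = COUNT_RE.match(line)
            if m:
                o, p, a, b = map(int, m.groups())
                counts = {"open": o, "pro_total": p, "pro_open_part": a, "pro_only": b}
            continue
        m = RULE_RE.match(line)
        if m and section in ("added", "modified", "removed"):
            rec = m.groupdict()
            rec["section"] = section
            # The ET/ETPRO prefix decides the tier; the Open:/Pro: heading only
            # exists in the Added block and is cross-checked against it.
            rec["tier"] = "pro" if rec["prefix"] == "ETPRO" else "open"
            rec["heading_mismatch"] = str(bool(tier and tier != rec["tier"]))
            rules.append(rec)
    return {"counts": counts, "rules": rules}


def check_counts(parsed: Dict[str, object]) -> List[str]:
    """Compare the header count line with the rules actually listed as added."""
    counts, rules = parsed["counts"], parsed["rules"]
    if counts is None:
        return ["no count line found in the Summary block"]
    added = [r for r in rules if r["section"] == "added"]
    n_open = sum(r["tier"] == "open" for r in added)
    n_pro = sum(r["tier"] == "pro" for r in added)
    problems = []
    if counts["open"] != n_open:
        problems.append(f"header says {counts['open']} Open, {n_open} listed")
    if counts["pro_only"] != n_pro:
        problems.append(f"header says {counts['pro_only']} Pro-only, {n_pro} listed")
    # ETPRO subscribers also receive the Open rules, hence "30 new Pro (3 + 27)".
    if counts["pro_total"] != counts["pro_open_part"] + counts["pro_only"]:
        problems.append("Pro total is not Open + Pro-only")
    if any(r["heading_mismatch"] == "True" for r in added):
        problems.append("rule listed under the wrong Open:/Pro: heading")
    return problems


def migrated_rules(parsed: Dict[str, object]) -> List[Dict[str, str]]:
    """Pair each removed rule with an added rule carrying the same trailing
    indicator: that is how a detection moving from ETPRO to Open shows up."""
    def indicator(r: Dict[str, str]) -> Optional[str]:
        m = INDICATOR_RE.search(r["msg"])
        return m.group(1) if m else None
    added = {indicator(r): r for r in parsed["rules"] if r["section"] == "added"}
    out = []
    for r in parsed["rules"]:
        ind = indicator(r)
        if r["section"] == "removed" and ind is not None and ind in added:
            out.append({"indicator": ind, "removed_sid": r["sid"], "from": r["tier"],
                        "added_sid": added[ind]["sid"], "to": added[ind]["tier"]})
    return out


if __name__ == "__main__":
    p = parse_summary(SAMPLE)
    print("problems:", check_counts(p) or "none")
    for mv in migrated_rules(p):
        print(f"{mv['indicator']}: sid {mv['removed_sid']} ({mv['from']}) -> "
              f"sid {mv['added_sid']} ({mv['to']})")
```

Matching on the trailing parenthesised indicator is deliberately narrow: a renamed rule whose message carries no indicator (a plain "CnC Checkin") will not be paired, which is preferable to guessing; for those, only the SID ranges in the Removed and Added blocks tell the story.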

Date: Tuesday, March 28, 2017 - 00:00