Daily Ruleset Update Summary 2017/03/29

[***]            Summary:            [***]

16 new Open, 30 new Pro (16 + 14). CrypMIC/HappyDayzz Ransomware, Various Phishing, Various Android

Thanks: Jeff H, @rmkml

[+++]          Added rules:          [+++]

Open:

2020839 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain ( 63ghdye17.com) (trojan.rules)
2020844 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain ( 7hwr34n18.com) (trojan.rules)
2020869 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain ( wh47f2as19.com) (trojan.rules)
2024105 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (2kjb7.net) (trojan.rules)
2024108 - ET TROJAN KHRAT DragonOK DNS Lookup (inter-ctrip .com) (trojan.rules)
2024109 - ET CURRENT_EVENTS Possible Malicious Macro DL BIN March 2017 (current_events.rules)
2024110 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024111 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024112 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024113 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024114 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024115 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024116 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024117 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024118 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024119 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (trojan.rules)

Pro:

2825660 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Mar 28 2017 (current_events.rules)
2825661 - ETPRO CURRENT_EVENTS Successful Amazon Phish Mar 28 2017 (current_events.rules)
2825662 - ETPRO CURRENT_EVENTS Successful DHL Phish Mar 28 2017 (current_events.rules)
2825663 - ETPRO CURRENT_EVENTS Successful Amazon Phish Mar 29 2017 (current_events.rules)
2825664 - ETPRO CURRENT_EVENTS Successful Facebook Phish Mar 28 2017 (current_events.rules)
2825665 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Mar 28 2017 (current_events.rules)
2825666 - ETPRO CURRENT_EVENTS Successful Chase Phish Mar 28 2017 (current_events.rules)
2825669 - ETPRO CURRENT_EVENTS Successful DHL Phish Mar 29 2017 (current_events.rules)
2825670 - ETPRO TROJAN Possible Banker.Win32.Alreay SSL Cert (legit compromised) (trojan.rules)
2825671 - ETPRO TROJAN W32/Unknown Checkin (trojan.rules)
2825672 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-29 1) (trojan.rules)
2825673 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-29 2) (trojan.rules)
2825674 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-29 3) (trojan.rules)
2825675 - ETPRO TROJAN Win32/HappyDayzz Ransomware CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2016868 - ET CURRENT_EVENTS Neutrino EK Plugin-Detect 2 May 20 2013 (current_events.rules)
2017587 - ET MOBILE_MALWARE Android/Opfake.A GetTask CnC Beacon (mobile_malware.rules)
2017594 - ET CURRENT_EVENTS Possible Neutrino EK Java Exploit Download Oct 15 2013 (current_events.rules)
2017595 - ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download Oct 15 2013 (current_events.rules)
2017596 - ET CURRENT_EVENTS Neutrino EK XORed pluginDetect 1 (current_events.rules)
2017597 - ET CURRENT_EVENTS Neutrino EK XORed pluginDetect 2 (current_events.rules)
2017653 - ET CURRENT_EVENTS Possible Neutrino EK Java Exploit/Payload Download Nov 1 2013 (current_events.rules)
2017661 - ET CURRENT_EVENTS Possible Redirect to Neutrino EK goi.php Nov 4 2013 (current_events.rules)
2017824 - ET CURRENT_EVENTS Neutrino EK Landing Page Dec 09 2013 (current_events.rules)
2017963 - ET CURRENT_EVENTS Possible Neutrino/Fiesta EK SilverLight Exploit Jan 13 2014 DLL Naming Convention (current_events.rules)
2017971 - ET CURRENT_EVENTS Possible Neutrino EK IE/Silverlight Payload Download (current_events.rules)
2018226 - ET CURRENT_EVENTS Possible Neutrino/Fiesta EK SilverLight Exploit March 05 2014 DLL Naming Convention (current_events.rules)
2018580 - ET TROJAN Win32/Neutrino Checkin (trojan.rules)
2019211 - ET TROJAN Win32/Neutrino ping (trojan.rules)
2020093 - ET TROJAN Win32/Neutrino Cookie (trojan.rules)
2020094 - ET TROJAN Win32/Neutrino CC dump (trojan.rules)
2020779 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 78 (trojan.rules)
2020781 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 80 (trojan.rules)
2020783 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 82 (trojan.rules)
2020785 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 84 (trojan.rules)
2020791 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 90 (trojan.rules)
2020949 - ET TROJAN Win32/Neutrino Bot Fake 404 Checkin Response (trojan.rules)
2021128 - ET TROJAN Blue Bot DDoS Proxy Request (trojan.rules)
2021588 - ET CURRENT_EVENTS Job314/Neutrino EK Flash Exploit M2 Aug 02 2015 (current_events.rules)
2021589 - ET CURRENT_EVENTS Job314/Neutrino EK Flash Exploit M3 Aug 02 2015 (current_events.rules)
2021590 - ET CURRENT_EVENTS Job314/Neutrino EK Flash Exploit M1 Aug 02 2015 (IE) (current_events.rules)
2022462 - ET TROJAN Win32/Neutrino Checkin 2 (trojan.rules)
2022463 - ET TROJAN Win32/Neutrino Checkin 3 (trojan.rules)
2810822 - ETPRO TROJAN Win32/Neutrino Checkin Response (trojan.rules)
2812645 - ETPRO TROJAN Win32/Neutrino Checkin 1 (trojan.rules)
2812646 - ETPRO TROJAN Win32/Neutrino Checkin 2 (trojan.rules)
2812647 - ETPRO TROJAN Win32/Neutrino Failed Task (trojan.rules)
2812659 - ETPRO TROJAN Possible Win32/Neutrino Checkin Response (trojan.rules)
2814472 - ETPRO CURRENT_EVENTS Likely Neutrino EK Payload Oct 20 2015 M1 (current_events.rules)
2814473 - ETPRO CURRENT_EVENTS Likely Neutrino EK Payload Oct 20 2015 M2 (current_events.rules)
2814474 - ETPRO CURRENT_EVENTS Likely Neutrino EK Payload Oct 20 2015 M3 (current_events.rules)
2814475 - ETPRO CURRENT_EVENTS Likely Neutrino EK Payload Oct 20 2015 M4 (current_events.rules)
2814476 - ETPRO CURRENT_EVENTS Likely Neutrino EK Payload Oct 20 2015 M5 (current_events.rules)
2814477 - ETPRO CURRENT_EVENTS Likely Neutrino EK Payload Oct 20 2015 M6 (current_events.rules)
2814570 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Oct 20 2015 M1 (current_events.rules)
2814571 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Oct 20 2015 M2 (current_events.rules)
2814572 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Oct 20 2015 M3 (current_events.rules)
2814573 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Oct 20 2015 M4 (current_events.rules)
2814574 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Oct 20 2015 M5 (current_events.rules)
2814575 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Oct 20 2015 M6 (current_events.rules)
2814604 - ETPRO MALWARE Win32/Dorv.A/Expiro CnC Beacon (malware.rules)
2814950 - ETPRO CURRENT_EVENTS Likely Neutrino EK Payload Oct 20 2015 M7 (current_events.rules)
2815413 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Oct 20 2015 M8 Landing URI Struct (current_events.rules)
2815414 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Oct 20 2015 M9 Landing URI Struct (current_events.rules)
2815415 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Oct 20 2015 10 Landing URI Struct (current_events.rules)
2815664 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Oct 20 2015 M11 Landing URI Struct (current_events.rules)
2820851 - ETPRO CURRENT_EVENTS Possible Neutrino EK Landing Landing URI Struct (fb set) (current_events.rules)
2821023 - ETPRO TROJAN Win32/Neutrino Bot Malicious SSL Certificate Detected (trojan.rules)
2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
2825650 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy Domain (trojan.rules)

[///]    Modified inactive rules:    [///]

2017179 - ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download (current_events.rules)
2017180 - ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download 2 (current_events.rules)
2017267 - ET CURRENT_EVENTS Possible Neutrino EK Java Exploit Download Sep 30 2013 (current_events.rules)
2017268 - ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download Sep 30 2013 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2809527 - ETPRO TROJAN Infostealer.Gamania Checkin (trojan.rules)

[---]         Removed rules:         [---]

2020839 - ET POLICY Win32/Teslacrypt Ransomware .onion domain ( 63ghdye17.com) (policy.rules)
2020844 - ET POLICY Win32/Teslacrypt Ransomware .onion domain ( 7hwr34n18.com) (policy.rules)
2020869 - ET POLICY Win32/Teslacrypt Ransomware .onion domain ( wh47f2as19.com) (policy.rules)
2024105 - ET POLICY Win32/Teslacrypt Ransomware .onion domain (2kjb7.net) (policy.rules)

Date: Wednesday, March 29, 2017 - 00:00