Daily Ruleset Update Summary 2017/04/04

[***]            Summary:            [***]

14 new Open, 56 new Pro (14 + 42). Terror EK, Red Leaves, Felismus, Various Phishing, Various Android

Thanks: @illegalFawn, @malware_traffic, @malwrhunterteam, Russell Fulton & NCCGroup

[+++]          Added rules:          [+++]

Open:

2024167 - ET CURRENT_EVENTS Successful Mail.ru Phish Apr 04 2017 (current_events.rules)
2024168 - ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit (current_events.rules)
2024169 - ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2 (current_events.rules)
2024170 - ET CURRENT_EVENTS Terror EK CVE-2015-2419 Exploit (current_events.rules)
2024171 - ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon (mobile_malware.rules)
2024172 - ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon M2 (mobile_malware.rules)
2024173 - ET TROJAN [NCC Group] Red Leaves magic packet detected (APT10 implant) (trojan.rules)
2024174 - ET TROJAN [NCC Group] Red Leaves magic packet response detected (APT10 implant) (trojan.rules)
2024175 - ET TROJAN Red Leaves HTTP CnC Beacon (APT10 implant) (trojan.rules)
2024176 - ET TROJAN Felismus CnC Beacon 1 (trojan.rules)
2024177 - ET TROJAN Felismus CnC Beacon 2 (trojan.rules)
2024178 - ET TROJAN MSIL/Matrix Ransomware Sending Encrypted Filelist (trojan.rules)
2024179 - ET TROJAN Win32/Neutrino Checkin 6 (trojan.rules)
2024180 - ET CURRENT_EVENTS Terror EK Payload Download (current_events.rules)

Pro:

2825727 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 9 (mobile_malware.rules)
2825728 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 10 (mobile_malware.rules)
2825729 - ETPRO TROJAN W32.Geodo/Emotet Checkin M2 (trojan.rules)
2825730 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish Apr 4 2017 (current_events.rules)
2825731 - ETPRO CURRENT_EVENTS Successful Mailserve Webmail Phish Apr 04 2017 (current_events.rules)
2825732 - ETPRO CURRENT_EVENTS Successful EDF (FR) Phish Apr 04 2017 (current_events.rules)
2825733 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Apr 04 2017 (current_events.rules)
2825734 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Apr 04 2017 (current_events.rules)
2825735 - ETPRO CURRENT_EVENTS Successful Santander Phish M3 Apr 04 2017 (current_events.rules)
2825736 - ETPRO CURRENT_EVENTS Successful ICS Phish Apr 04 2017 (current_events.rules)
2825737 - ETPRO TROJAN DNS Query to Cerber Domain (1jnhdc . top) (trojan.rules)
2825738 - ETPRO TROJAN DNS Query to Cerber Domain (1bas8q . top) (trojan.rules)
2825739 - ETPRO TROJAN DNS Query to Cerber Domain (1jwuaa . top) (trojan.rules)
2825740 - ETPRO TROJAN DNS Query to Cerber Domain (1hpvzl . top) (trojan.rules)
2825741 - ETPRO TROJAN DNS Query to Cerber Domain (1a8u1r . top) (trojan.rules)
2825742 - ETPRO TROJAN DNS Query to Cerber Domain (1eagrj . top) (trojan.rules)
2825743 - ETPRO TROJAN DNS Query to Cerber Domain (14stvt . top) (trojan.rules)
2825744 - ETPRO TROJAN DNS Query to Cerber Domain (18f5bw . top) (trojan.rules)
2825745 - ETPRO TROJAN DNS Query to Cerber Domain (1fzz7a . top) (trojan.rules)
2825746 - ETPRO TROJAN DNS Query to Cerber Domain (1mat7v . top) (trojan.rules)
2825747 - ETPRO TROJAN DNS Query to Cerber Domain (1w5iy8 . top) (trojan.rules)
2825748 - ETPRO TROJAN DNS Query to Cerber Domain (1acfka . top) (trojan.rules)
2825749 - ETPRO TROJAN DNS Query to Sage Domain (y8lkjg5 . net) (trojan.rules)
2825750 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 11 (mobile_malware.rules)
2825751 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 12 (mobile_malware.rules)
2825752 - ETPRO TROJAN Win32/MoonWind CnC (trojan.rules)
2825753 - ETPRO TROJAN Win32/Remcos RAT Checkin 5 (trojan.rules)
2825754 - ETPRO TROJAN Win32/Remcos RAT Checkin 4 (trojan.rules)
2825755 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 13 (mobile_malware.rules)
2825756 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 14 (mobile_malware.rules)
2825757 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 15 (mobile_malware.rules)
2825758 - ETPRO TROJAN MSIL/Filecoder.FR Ransomware CnC Checkin (trojan.rules)
2825759 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 16 (mobile_malware.rules)
2825760 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 17 (mobile_malware.rules)
2825761 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 18 (mobile_malware.rules)
2825762 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 19 (mobile_malware.rules)
2825763 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 20 (mobile_malware.rules)
2825764 - ETPRO TROJAN Win32/Neutrino Checkin 5 (trojan.rules)
2825765 - ETPRO CURRENT_EVENTS Possible Magnitude EK First Stage Landing Apr 04 2017 (current_events.rules)
2825766 - ETPRO TROJAN Loki Bot Checkin M2 (trojan.rules)
2825767 - ETPRO TROJAN Stolich Gen Ransomware CnC Create Key (trojan.rules)
2825768 - ETPRO TROJAN Stolich Gen Ransomware CnC Save Key (trojan.rules)

[///]     Modified active rules:     [///]

2820316 - ETPRO TROJAN EDA2 Gen Ransomware CnC Create Key (trojan.rules)

[---]         Disabled rules:        [---]

2008500 - ET MALWARE Sogou.com Spyware User-Agent (SogouIMEMiniSetup) (malware.rules)
2020984 - ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015 (current_events.rules)
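A practical follow-up to a summary like this is to check that the day's changes actually landed in the ruleset your sensors load: every added and modified SID should be present and enabled, and every disabled SID should be absent or commented out. The following Python is an added example written for this page, not a tool from Emerging Threats or Proofpoint. It parses the summary format above (the `[+++]`/`[///]`/`[---]` section headers and `SID - PREFIX CATEGORY msg (file.rules)` lines) and reconciles it against a local Suricata/Snort-style rules file. The summary excerpt is copied from this page; the rules file content is a constructed placeholder (the `PLACEHOLDER` bodies are not the real ET rule content), and the `feeds` filter exists so that Open-only subscribers do not flag ETPRO SIDs as missing.

```python
"""Parse an ET daily update summary and reconcile it against a local rules file.

Added example for this page; not an Emerging Threats tool. Rule bodies below are
constructed placeholders, not the actual ET rule content.
"""
import re
from typing import Dict, List

# Section headers as printed in the summary, mapped to a short key.
SECTION_MARKERS = {
    "Added rules": "added",
    "Modified active rules": "modified",
    "Disabled rules": "disabled",
}

# "2024176 - ET TROJAN Felismus CnC Beacon 1 (trojan.rules)"
SID_LINE = re.compile(
    r"^(\d{7})\s+-\s+(ET(?:PRO)?)\s+([A-Z_]+)\s+(.*?)\s+\(([\w.]+\.rules)\)\s*$"
)
# sid keyword inside a rule body; works on commented-out lines too.
RULE_SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def parse_summary(text: str) -> Dict[str, List[dict]]:
    """Return {'added': [...], 'modified': [...], 'disabled': [...]} entries."""
    sections: Dict[str, List[dict]] = {"added": [], "modified": [], "disabled": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            for marker, key in SECTION_MARKERS.items():
                if marker in line:
                    current = key
            continue
        m = SID_LINE.match(line)
        if m and current:
            sid, prefix, category, msg, rulefile = m.groups()
            sections[current].append({
                "sid": int(sid),
                "feed": "pro" if prefix == "ETPRO" else "open",
                "category": category,
                "msg": msg,
                "file": rulefile,
            })
    return sections


def index_rules(rules_text: str) -> Dict[int, bool]:
    """Map sid -> True if the rule line is active, False if commented out."""
    index: Dict[int, bool] = {}
    for raw in rules_text.splitlines():
        line = raw.strip()
        m = RULE_SID.search(line)
        if m:
            index[int(m.group(1))] = not line.startswith("#")
    return index


def reconcile(summary: Dict[str, List[dict]], rules_index: Dict[int, bool],
              feeds=("open",)) -> Dict[str, List[int]]:
    """Compare the summary against the local index for the feeds you subscribe to."""
    report: Dict[str, List[int]] = {"missing": [], "disabled_locally": [], "still_enabled": []}
    for entry in summary["added"] + summary["modified"]:
        if entry["feed"] not in feeds:
            continue
        if entry["sid"] not in rules_index:
            report["missing"].append(entry["sid"])          # update did not land
        elif not rules_index[entry["sid"]]:
            report["disabled_locally"].append(entry["sid"])  # local tuning overrides it
    for entry in summary["disabled"]:
        if entry["feed"] in feeds and rules_index.get(entry["sid"], False):
            report["still_enabled"].append(entry["sid"])     # should have been retired
    return report


# Excerpt copied from the summary on this page.
SAMPLE_SUMMARY = """\
Daily Ruleset Update Summary 2017/04/04

[+++]          Added rules:          [+++]

Open:

2024173 - ET TROJAN [NCC Group] Red Leaves magic packet detected (APT10 implant) (trojan.rules)
2024174 - ET TROJAN [NCC Group] Red Leaves magic packet response detected (APT10 implant) (trojan.rules)
2024176 - ET TROJAN Felismus CnC Beacon 1 (trojan.rules)

Pro:

2825752 - ETPRO TROJAN Win32/MoonWind CnC (trojan.rules)

[///]     Modified active rules:     [///]

2820316 - ETPRO TROJAN EDA2 Gen Ransomware CnC Create Key (trojan.rules)

[---]         Disabled rules:        [---]

2008500 - ET MALWARE Sogou.com Spyware User-Agent (SogouIMEMiniSetup) (malware.rules)
2020984 - ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015 (current_events.rules)
"""

# Constructed local rules file: placeholder bodies, NOT the real ET rules.
SAMPLE_RULES = """\
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER 2024173"; sid:2024173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER 2024176"; sid:2024176; rev:1;)
# alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER 2008500"; sid:2008500; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"PLACEHOLDER 2020984"; sid:2020984; rev:1;)
"""

if __name__ == "__main__":
    summary = parse_summary(SAMPLE_SUMMARY)
    print(reconcile(summary, index_rules(SAMPLE_RULES), feeds=("open",)))
```

Run against the constructed sample, the Open-feed report lists 2024174 as missing (the update did not land) and 2020984 as still enabled (a rule ET retired but the local file still fires). Pass `feeds=("open", "pro")` if you subscribe to ETPRO, otherwise the ETPRO SIDs are skipped rather than reported as missing.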
 

Date: Tuesday, April 4, 2017 - 00:00