Daily Ruleset Update Summary 2017/04/05

[***]            Summary:            [***]

1 new Open, 32 new Pro (1 + 31). KASPERAGENT, Scanbox, Various Phishing, Various Android

[+++]          Added rules:          [+++]

Open:

2024181 - ET EXPLOIT D-LINK DIR-615 Cross-Site Request Forgery (CVE-2017-7398) (exploit.rules)

Pro:

2825769 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 (current_events.rules)
2825770 - ETPRO CURRENT_EVENTS Possible Magnitude EK Apr 04 2017 (current_events.rules)
2825771 - ETPRO CURRENT_EVENTS Successful Capital One Phish Apr 05 2017 (current_events.rules)
2825772 - ETPRO CURRENT_EVENTS Successful ING Phish (NL) Apr 05 2017 (current_events.rules)
2825773 - ETPRO CURRENT_EVENTS Successful Chase Phish Apr 05 2017 (current_events.rules)
2825774 - ETPRO TROJAN MSIL/Filecoder.AK Ransomware CnC Checkin (trojan.rules)
2825775 - ETPRO TROJAN APT28 Uploader SSL Cert (trojan.rules)
2825776 - ETPRO MALWARE APNInstaller PUP/Adware HTTP POST Request (malware.rules)
2825777 - ETPRO TROJAN Torrentlocker Ransom Page HTTP Request (trojan.rules)
2825778 - ETPRO TROJAN DNS Query to Cerber Domain (1mvku2 . top) (trojan.rules)
2825779 - ETPRO TROJAN DNS Query to Cerber Domain (1qk2un . top) (trojan.rules)
2825780 - ETPRO TROJAN DNS Query to Cerber Domain (1gswwp . top) (trojan.rules)
2825781 - ETPRO TROJAN DNS Query to Cerber Domain (13eymq . top) (trojan.rules)
2825782 - ETPRO TROJAN DNS Query to Cerber Domain (1aamtz . top) (trojan.rules)
2825783 - ETPRO TROJAN DNS Query to Cerber Domain (1mswjm . top) (trojan.rules)
2825784 - ETPRO TROJAN DNS Query to Cerber Domain (1fy93v . top) (trojan.rules)
2825785 - ETPRO TROJAN DNS Query to Cerber Domain (14klmz . top) (trojan.rules)
2825786 - ETPRO TROJAN DNS Query to Cerber Domain (1xynaz . top) (trojan.rules)
2825787 - ETPRO TROJAN DNS Query to Cerber Domain (1ppto6 . top) (trojan.rules)
2825788 - ETPRO TROJAN APT28 Unknown DNS Lookup (trojan.rules)
2825789 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC CnC Beacon (mobile_malware.rules)
2825790 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC CnC Beacon 2 (mobile_malware.rules)
2825791 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC Contacts Exfil (mobile_malware.rules)
2825792 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC SMS Exfil (mobile_malware.rules)
2825793 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC Info Exfil (mobile_malware.rules)
2825794 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC CnC Beacon 3 (mobile_malware.rules)
2825795 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC Login Exfil (mobile_malware.rules)
2825796 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC Domain Request in SNI via SSL (mobile_malware.rules)
2825797 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC Login Exfil 2 (mobile_malware.rules)
2825798 - ETPRO TROJAN KASPERAGENT CnC Request (trojan.rules)
2825799 - ETPRO TROJAN Targeted/Possible APT ScanBox DNS Lookup (trojan.rules)

[///]     Modified active rules:     [///]

2012981 - ET TROJAN Possible FakeAV Binary Download (Security) (trojan.rules)
2022985 - ET TROJAN Trojan Generic - POST To gate.php with no accept headers (trojan.rules)
2023998 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (trojan.rules)
2024175 - ET TROJAN Red Leaves HTTP CnC Beacon (APT10 implant) (trojan.rules)
2825132 - ETPRO TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
2825302 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825303 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825304 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825306 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825619 - ETPRO TROJAN Fatboy Python Ransomware CnC Checkin (trojan.rules)
2825620 - ETPRO TROJAN Fatboy Python Ransomware CnC Activity (trojan.rules)
2825625 - ETPRO TROJAN Fatboy Python Ransomware CnC Activity M2 (trojan.rules)
2825758 - ETPRO TROJAN MSIL/GX40 Ransomware CnC Checkin (trojan.rules)

[---]         Removed rules:         [---]

2825627 - ETPRO TROJAN Undefined Python Ransomware CnC Activity (trojan.rules)
 

Date: Wednesday, April 5, 2017 - 00:00