Daily Ruleset Update Summary 2017/04/12

[***]            Summary:            [***]

1 new Open, 24 new Pro (1 + 23). Mole Ransomware, Various Phishing, Various Android

Thanks: @rmkml

[+++]          Added rules:          [+++]

Open:

2024203 - ET TROJAN Win32/Mole Ransomware CnC Beacon (trojan.rules)

Pro:

2825898 - ETPRO TROJAN Win32.APosT.em DocStealer Retrieving Plugin (trojan.rules)
2825899 - ETPRO TROJAN MSIL/Unk.PWSDL Initial CnC Checkin (trojan.rules)
2825900 - ETPRO TROJAN MSIL/Unk.PWSDL Main CnC Checkin (trojan.rules)
2825901 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 34 (mobile_malware.rules)
2825902 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 35 (mobile_malware.rules)
2825903 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 36 (mobile_malware.rules)
2825904 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 37 (mobile_malware.rules)
2825905 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 38 (mobile_malware.rules)
2825906 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 40 (mobile_malware.rules)
2825907 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 41 (mobile_malware.rules)
2825908 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 42 (mobile_malware.rules)
2825909 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 43 (mobile_malware.rules)
2825910 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 44 (mobile_malware.rules)
2825911 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 45 (mobile_malware.rules)
2825912 - ETPRO MALWARE Unknown Downloader Retrieving URL List (malware.rules)
2825913 - ETPRO TROJAN Unknown Downloader Request (trojan.rules)
2825914 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 12 2017 (current_events.rules)
2825915 - ETPRO CURRENT_EVENTS Successful Facebook Payment Update Phish Apr 12 2017 (current_events.rules)
2825916 - ETPRO CURRENT_EVENTS Successful Santander Phish Apr 11 2017 (current_events.rules)
2825917 - ETPRO CURRENT_EVENTS Successful Restore Missing Messages Phish Apr 12 2017 (current_events.rules)
2825918 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fyec.bps CnC Beacon (mobile_malware.rules)
2825919 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish Apr 12 2017 (current_events.rules)
2825920 - ETPRO CURRENT_EVENTS Successful Administrator Quarterly Verification Phish Apr 12 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
2015946 - ET CURRENT_EVENTS CrimeBoss - Setup (current_events.rules)
2024197 - ET CURRENT_EVENTS SUSPICIOUS MSXMLHTTP DL of HTA (Observed in RTF 0-day ) (current_events.rules)
2814578 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 2 (dns.rules)
2814905 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 3 (dns.rules)
2814906 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 4 (dns.rules)
2815637 - ETPRO TROJAN Win32/Agent.XOA Checkin (APT-C-23) (trojan.rules)
2821424 - ETPRO TROJAN Win32/Daserf CnC Beacon 1 (trojan.rules)
2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
 

Date: Wednesday, April 12, 2017 - 00:00