Daily Ruleset Update Summary 2017/04/13

[***]            Summary:            [***]

1 new Open, 35 new Pro (1 + 34). Hidden-Tear Variant Ransomware, Various Phishing, Various Android

[+++]          Added rules:          [+++]

Open:

2024204 - ET TROJAN MSIL/Hidden-Tear Variant Ransomware CnC Checkin (trojan.rules)

Pro:

2825921 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 12 2017 (current_events.rules)
2825922 - ETPRO CURRENT_EVENTS Successful Santander Phish Apr 12 2017 (current_events.rules)
2825923 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FY CnC Beacon (mobile_malware.rules)
2825924 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FY CnC Beacon 2 (mobile_malware.rules)
2825925 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FY CnC Beacon 3 (mobile_malware.rules)
2825926 - ETPRO TROJAN Callisto RCS CnC Beacon 1 (trojan.rules)
2825927 - ETPRO TROJAN RCS Variant CnC Beacon (trojan.rules)
2825928 - ETPRO MOBILE_MALWARE PUA Android/SMSreg.UX CnC Beacon (mobile_malware.rules)
2825929 - ETPRO TROJAN MSIL/Remcos RAT CnC Checkin (trojan.rules)
2825930 - ETPRO TROJAN MSIL/Remcos RAT CnC Keep-Alive (Inbound) (trojan.rules)
2825931 - ETPRO TROJAN MSIL/Remcos RAT CnC Keep-Alive (Outbound) (trojan.rules)
2825932 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Init Screenshot (trojan.rules)
2825933 - ETPRO TROJAN MSIL/Remcos RAT CnC Sending Init Screenshot (trojan.rules)
2825934 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Screenshot (trojan.rules)
2825935 - ETPRO TROJAN MSIL/Remcos RAT CnC Sending Screenshot (trojan.rules)
2825936 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Uninstall (trojan.rules)
2825937 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Apr 13 2017 (current_events.rules)
2825938 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Apr 13 2017 (current_events.rules)
2825939 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Apr 13 2017 (current_events.rules)
2825940 - ETPRO CURRENT_EVENTS Successful Amazon Phish M1 Apr 13 2017 (current_events.rules)
2825941 - ETPRO CURRENT_EVENTS Successful Amazon Phish M2 Apr 13 2017 (current_events.rules)
2825942 - ETPRO CURRENT_EVENTS Successful Fortuneo Banque (FR) Phish Apr 13 2017 (current_events.rules)
2825943 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
2825944 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
2825945 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Apr 13 2017 (current_events.rules)
2825946 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 46 (mobile_malware.rules)
2825947 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 47 (mobile_malware.rules)
2825948 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 48 (mobile_malware.rules)
2825949 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 49 (mobile_malware.rules)
2825950 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 50 (mobile_malware.rules)
2825951 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 51 (mobile_malware.rules)
2825952 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 52 (mobile_malware.rules)
2825953 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 53 (mobile_malware.rules)
2825954 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 54 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
2023335 - ET TROJAN Nuke Ransomware Checkin (trojan.rules)
2808718 - ETPRO TROJAN Backdoor.Win32/Turla.A Checkin (trojan.rules)
2824707 - ETPRO TROJAN Possible CobaltStrike CnC Beacon (Fake Safe Browsing) (trojan.rules)
2825898 - ETPRO TROJAN Win32.APosT.em DocStealer Retrieving Plugin (trojan.rules)

[---]         Disabled rules:        [---]

2820603 - ETPRO EXPLOIT Possible CVE-2016-3218 Executable Inbound (exploit.rules)
 

Date: Thursday, April 13, 2017 - 00:00