Daily Ruleset Update Summary 2017/04/14

[***]            Summary:            [***]

3 new Open, 38 new Pro (3 + 35). Various Phishing, Trojan-Banker.AndroidOS.Asacub.a

Thanks: @demonslay335

[+++]          Added rules:          [+++]

Open:

2012118 - ET INFO http string in hex Possible Obfuscated Exploit Redirect (info.rules)
2013436 - ET INFO Redirection to driveby Page Home index.php (info.rules)
2024205 - ET TROJAN Win32/Cradle Ransomware Onion Domain (trojan.rules)

Pro:

2825955 - ETPRO TROJAN DNS Query to Cerber Domain (1npg9s . top) (trojan.rules)
2825956 - ETPRO TROJAN DNS Query to Cerber Domain (1nhkou . top) (trojan.rules)
2825957 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-13 1) (trojan.rules)
2825958 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-13 2) (trojan.rules)
2825959 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-13 3) (trojan.rules)
2825960 - ETPRO CURRENT_EVENTS Successful Blockchain Phish Apr 13 2017 (current_events.rules)
2825961 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
2825962 - ETPRO CURRENT_EVENTS Successful Santander Phish Apr 14 2017 (current_events.rules)
2825963 - ETPRO CURRENT_EVENTS Successful Caixa Bank (BR) Phish Apr 14 2017 (current_events.rules)
2825964 - ETPRO CURRENT_EVENTS Successful Fedex Phish Apr 14 2017 (current_events.rules)
2825965 - ETPRO CURRENT_EVENTS Secure Download Phishing Landing Apr 14 2017 (current_events.rules)
2825966 - ETPRO CURRENT_EVENTS Successful Apple Phish Apr 14 2017 (current_events.rules)
2825967 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 55 (mobile_malware.rules)
2825968 - ETPRO CURRENT_EVENTS Successful Admin Server Portal Phish Apr 14 2017 (current_events.rules)
2825969 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 56 (mobile_malware.rules)
2825970 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 57 (mobile_malware.rules)
2825971 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 58 (mobile_malware.rules)
2825972 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 59 (mobile_malware.rules)
2825973 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 60 (mobile_malware.rules)
2825974 - ETPRO CURRENT_EVENTS Successful Instagram Phish Apr 14 2017 (current_events.rules)
2825975 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 61 (mobile_malware.rules)
2825976 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 62 (mobile_malware.rules)
2825977 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 63 (mobile_malware.rules)
2825978 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 64 (mobile_malware.rules)
2825979 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 65 (mobile_malware.rules)
2825980 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 66 (mobile_malware.rules)
2825981 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 67 (mobile_malware.rules)
2825982 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 68 (mobile_malware.rules)
2825983 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 69 (mobile_malware.rules)
2825984 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 70 (mobile_malware.rules)
2825985 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 71 (mobile_malware.rules)
2825986 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 72 (mobile_malware.rules)
2825987 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 73 (mobile_malware.rules)
2825988 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 74 (mobile_malware.rules)
2825989 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 75 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2023612 - ET TROJAN Ransomware/Cerber Checkin M3 (1) (trojan.rules)
2023613 - ET TROJAN Ransomware/Cerber Checkin M3 (2) (trojan.rules)
2023614 - ET TROJAN Ransomware/Cerber Checkin M3 (3) (trojan.rules)
2023615 - ET TROJAN Ransomware/Cerber Checkin M3 (4) (trojan.rules)
2023616 - ET TROJAN Ransomware/Cerber Checkin M3 (5) (trojan.rules)
2023617 - ET TROJAN Ransomware/Cerber Checkin M3 (6) (trojan.rules)
2023618 - ET TROJAN Ransomware/Cerber Checkin M3 (7) (trojan.rules)
2023619 - ET TROJAN Ransomware/Cerber Checkin M3 (8) (trojan.rules)
2023620 - ET TROJAN Ransomware/Cerber Checkin M3 (9) (trojan.rules)
2023621 - ET TROJAN Ransomware/Cerber Checkin M3 (10) (trojan.rules)
2023622 - ET TROJAN Ransomware/Cerber Checkin M3 (11) (trojan.rules)
2023623 - ET TROJAN Ransomware/Cerber Checkin M3 (12) (trojan.rules)
2023624 - ET TROJAN Ransomware/Cerber Checkin M3 (13) (trojan.rules)
2023625 - ET TROJAN Ransomware/Cerber Checkin M3 (14) (trojan.rules)
2023626 - ET TROJAN Ransomware/Cerber Checkin M3 (15) (trojan.rules)
2023627 - ET TROJAN Ransomware/Cerber Checkin M3 (16) (trojan.rules)
2824707 - ETPRO TROJAN Possible CobaltStrike CnC Beacon (Fake Safe Browsing) (trojan.rules)
2825619 - ETPRO TROJAN PyCL/Fatboy Python Ransomware CnC Checkin (trojan.rules)
2825620 - ETPRO TROJAN PyCL/Fatboy Python Ransomware CnC Activity (trojan.rules)
2825625 - ETPRO TROJAN PyCL/Fatboy Python Ransomware CnC Activity M2 (trojan.rules)
2825929 - ETPRO TROJAN MSIL/Remcos RAT CnC Checkin (trojan.rules)
2825930 - ETPRO TROJAN MSIL/Remcos RAT CnC Keep-Alive (Inbound) (trojan.rules)
2825931 - ETPRO TROJAN MSIL/Remcos RAT CnC Keep-Alive (Outbound) (trojan.rules)
2825932 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Init Screenshot (trojan.rules)
2825933 - ETPRO TROJAN MSIL/Remcos RAT CnC Sending Init Screenshot (trojan.rules)
2825934 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Screenshot (trojan.rules)
2825935 - ETPRO TROJAN MSIL/Remcos RAT CnC Sending Screenshot (trojan.rules)
2825936 - ETPRO TROJAN MSIL/Remcos RAT CnC Requesting Uninstall (trojan.rules)
2825945 - ETPRO CURRENT_EVENTS Successful Impots. gouv. fr Phish Apr 13 2017 (current_events.rules)

[---]         Removed rules:         [---]

2012118 - ET CURRENT_EVENTS http string in hex Likely Obfuscated Exploit Redirect (current_events.rules)
2013436 - ET CURRENT_EVENTS Redirection to driveby Page Home index.php (current_events.rules)
 

Date: Friday, April 14, 2017 - 00:00