Daily Ruleset Update Summary 2017/04/17

[***]            Summary:            [***]

8 new Open, 24 new Pro (8 + 16). Quant Loader, Misc Shadowbrokers, Possessor Keylogger, Trik Backdoor

Thanks: @Certego_IRT

[+++]          Added rules:          [+++]

Open:

2024206 - ET TROJAN Quant Loader Download Response M2 (trojan.rules)
2024207 - ET EXPLOIT Possible Successful ETERNALROMANCE MS17-010 - Windows Executable Observed (exploit.rules)
2024208 - ET EXPLOIT Possible ETERNALROMANCE MS17-010 (exploit.rules)
2024212 - ET EXPLOIT Possible ETERNALCHAMPION MS17-010 Sync Request (set) (exploit.rules)
2024213 - ET EXPLOIT Possible ETERNALCHAMPION MS17-010 Sync Response (exploit.rules)
2024214 - ET EXPLOIT Possible ECLIPSEDWING RPCTOUCH MS08-067 (exploit.rules)
2024215 - ET EXPLOIT Possible ECLIPSEDWING MS08-067 (exploit.rules)
2024216 - ET EXPLOIT Possible DOUBLEPULSAR Beacon Response (exploit.rules)

Pro:

2825990 - ETPRO TROJAN MSIL/Possessor Keylogger HTTP Logging (trojan.rules)
2825991 - ETPRO TROJAN MSIL/Possessor Keylogger Retrieving Commands via FTP (trojan.rules)
2825992 - ETPRO TROJAN MSIL/Possessor Keylogger Reporting External IP (trojan.rules)
2825993 - ETPRO TROJAN MSIL/Possessor Keylogger HTTP Logging M2 (trojan.rules)
2825994 - ETPRO TROJAN MSIL/Possessor Keylogger Generating Logs via FTP (trojan.rules)
2825995 - ETPRO TROJAN Win32/TeamSpy CnC Checkin (trojan.rules)
2825996 - ETPRO TROJAN Win32/TeamSpy CnC Keep-Alive (Outbound) (trojan.rules)
2825997 - ETPRO TROJAN Malicious JS Download Response (trojan.rules)
2825998 - ETPRO TROJAN Malicious JS Download Request (trojan.rules)
2825999 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (Steam PWS CnC) (trojan.rules)
2826000 - ETPRO MOBILE_MALWARE Android/HiddenApp.BF CnC Beacon (mobile_malware.rules)
2826001 - ETPRO MOBILE_MALWARE Android/Kemoge Checkin 4 (mobile_malware.rules)
2826002 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 M3 (current_events.rules)
2826003 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 M4 (current_events.rules)
2826004 - ETPRO TROJAN Malicious Fake Browser Update JS Download Response (trojan.rules)
2826005 - ETPRO TROJAN MSIL/Trik Backdoor IRC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2012118 - ET INFO http string in hex Possible Obfuscated Exploit Redirect (info.rules)
2013436 - ET INFO Redirection to driveby Page Home index.php (info.rules)
2825619 - ETPRO TROJAN PyCL/Fatboy Python Ransomware CnC Checkin (trojan.rules)
2825620 - ETPRO TROJAN PyCL/Fatboy Python Ransomware CnC Activity (trojan.rules)
2825625 - ETPRO TROJAN PyCL/Fatboy Python Ransomware CnC Activity M2 (trojan.rules)
2825945 - ETPRO CURRENT_EVENTS Successful Impots. gouv. fr Phish Apr 13 2017 (current_events.rules)
 

Date: Monday, April 17, 2017 - 00:00