Daily Ruleset Update Summary 2017/04/25

[***]            Summary:            [***]

8 new Open, 21 new Pro (8 + 13). ARM Binary Downloaded via WGET, pyteHole Ransomware, Various Phishing, Various Mobile

Thanks: Kevin Ross, @MalwrHunterTeam, @0x00_ach

[+++]          Added rules:          [+++]

Open:

2024239 - ET TROJAN MSIL/Karmen Ransomware CnC Activity (trojan.rules)
2024240 - ET INFO ARM File Requested via WGET (set) (info.rules)
2024241 - ET TROJAN ARM Binary Downloaded via WGET Containing Suspicious Netcat Command - Possible IoT Malware (trojan.rules)
2024242 - ET TROJAN ARM Binary Downloaded via WGET Containing GoAhead and Multiple Camera RCE 0Day Vulnerabilities (trojan.rules)
2024243 - ET TROJAN ARM Binary Requested via WGET to Known IoT Malware Domain (trojan.rules)
2024244 - ET TROJAN Known IoT Malware Domain (trojan.rules)
2024245 - ET TROJAN Known IoT Malware Domain (trojan.rules)
2024246 - ET TROJAN Observed Malicious SSL cert (pyteHole Ransomware) (trojan.rules)

Pro:

2826098 - ETPRO MOBILE_MALWARE Android/Monitor.Drower.B SMS Exfil (mobile_malware.rules)
2826099 - ETPRO TROJAN MSIL/Spy.Agent.AUE Checkin (trojan.rules)
2826100 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.A CnC Beacon (mobile_malware.rules)
2826101 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 81 (mobile_malware.rules)
2826102 - ETPRO MOBILE_MALWARE Android.Trojan.Fjcon.D Checkin (mobile_malware.rules)
2826103 - ETPRO MOBILE_MALWARE Android.Adware.Dowgin.gQAM Checkin (mobile_malware.rules)
2826104 - ETPRO CURRENT_EVENTS Successful Mobile Banco do Brasil Phish Apr 25 2017 (current_events.rules)
2826105 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (li) (trojan.rules)
2826106 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (prof) (trojan.rules)
2826107 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (infn) (trojan.rules)
2826108 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Apr 25 2017 (current_events.rules)
2826109 - ETPRO CURRENT_EVENTS Successful OWA Phish Apr 25 2017 (current_events.rules)
2826110 - ETPRO CURRENT_EVENTS Successful Snapchat Phish Apr 25 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2814860 - ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) (trojan.rules)
2819864 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Batmob.b Checkin (mobile_malware.rules)

[---]         Removed rules:         [---]

2825462 - ETPRO TROJAN MSIL/Karmen Ransomware CnC Activity (trojan.rules)
 

Date: Tuesday, April 25, 2017 - 00:00