Daily Ruleset Update Summary 2017/04/27

[***]            Summary:            [***]

17 new Open, 42 new Pro (17 + 25). Word File Embedded in PDF, Misc Cobalt Strike, MSIL/ClipBanker.BT, Various Phishing, Various Mobile

[+++]          Added rules:          [+++]

Open:

2022987 - ET MALWARE LoadMoney Checkin 5 (malware.rules)
2024249 - ET MALWARE Loadmoney User Agent (malware.rules)
2024250 - ET MALWARE Loadmoney.A Checkin 1 (malware.rules)
2024251 - ET MALWARE Loadmoney.A Checkin 2 (malware.rules)
2024252 - ET MALWARE Loadmoney.A Checkin 3 (malware.rules)
2024253 - ET MALWARE Loadmoney.A Checkin 4 (malware.rules)
2024254 - ET MALWARE Loadmoney.A Checkin 6 (malware.rules)
2024255 - ET MALWARE Loadmoney.A Checkin 7 (malware.rules)
2024256 - ET MALWARE Loadmoney.A Checkin 5 (malware.rules)
2024257 - ET MALWARE Loadmoney.A Checkin 8 (malware.rules)
2024258 - ET MALWARE Loadmoney Checkin 1 (malware.rules)
2024259 - ET MALWARE Loadmoney Checkin 2 (malware.rules)
2024260 - ET MALWARE Win32.LoadMoney User Agent (malware.rules)
2024261 - ET MALWARE Loadmoney Checkin 3 (malware.rules)
2024262 - ET MALWARE Loadmoney Checkin 4 (malware.rules)
2024263 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024264 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)

Pro:

2826135 - ETPRO CURRENT_EVENTS Successful iCloud Phish Apr 27 2017 (current_events.rules)
2826136 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish Apr 27 2017 (current_events.rules)
2826137 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Apr 27 2017 (current_events.rules)
2826138 - ETPRO CURRENT_EVENTS Email Settings Verification Phishing Landing Apr 27 2017 (current_events.rules)
2826139 - ETPRO CURRENT_EVENTS Successful Email Settings Verification Phish Apr 27 2017 (current_events.rules)
2826140 - ETPRO CURRENT_EVENTS Adobe Protected PDF Phishing Landing Apr 27 2017 (current_events.rules)
2826141 - ETPRO CURRENT_EVENTS Successful HM Revenue & Customs Phish Apr 27 2017 (current_events.rules)
2826142 - ETPRO TROJAN Cobalt Strike Trial HTTP Response Header (X-Malware) (trojan.rules)
2826143 - ETPRO TROJAN Cobalt Strike Trial HTTP Response Header (EICAR) (trojan.rules)
2826144 - ETPRO CURRENT_EVENTS Successful Facebook Phish Apr 27 2017 (current_events.rules)
2826145 - ETPRO TROJAN Malicious SSL Certificate Detected (CobaltStrike Dropper) (trojan.rules)
2826146 - ETPRO CURRENT_EVENTS Successful Apple Phish Apr 27 2017 (current_events.rules)
2826147 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 27 2017 (current_events.rules)
2826148 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.o Contact Exfil (mobile_malware.rules)
2826149 - ETPRO TROJAN Suspicious Word File Embedded in PDF - Possible Locky/Dridex (HTTP) (trojan.rules)
2826150 - ETPRO TROJAN Suspicious Word File Embedded in PDF - Possible Locky/Dridex M1 (trojan.rules)
2826151 - ETPRO TROJAN Suspicious Word File Embedded in PDF - Possible Locky/Dridex M2 (trojan.rules)
2826152 - ETPRO TROJAN Suspicious Word File Embedded in PDF - Possible Locky/Dridex M3 (trojan.rules)
2826153 - ETPRO TROJAN MSIL/ClipBanker.BT CnC Checkin (trojan.rules)
2826154 - ETPRO TROJAN Cobalt Strike Malleable C2 Webbug Profile (trojan.rules)
2826155 - ETPRO MALWARE Wizzcaster Adware/PUP Downloads Inbound (malware.rules)
2826156 - ETPRO TROJAN JS Loader PE Download (trojan.rules)
2826157 - ETPRO TROJAN JS Loader Payload Request (trojan.rules)
2826158 - ETPRO CURRENT_EVENTS Successful Amazon Phish via JS Form in PDF Apr 27 2017 (current_events.rules)
2826159 - ETPRO INFO Possible Successful Credential Phish via JS Form in PDF Apr 27 2017 (info.rules)

[///]     Modified active rules:     [///]

2017787 - ET MOBILE_MALWARE Android.KorBanker Fake Banking App Install CnC Beacon (mobile_malware.rules)

[---]         Removed rules:         [---]

2022911 - ET MALWARE LoadMoney User-Agent (malware.rules)
2022987 - ET TROJAN LoadMoney Checkin 3 (trojan.rules)
2805850 - ETPRO TROJAN Loadmoney.A Checkin 1 (trojan.rules)
2805851 - ETPRO TROJAN Loadmoney.A Checkin 2 (trojan.rules)
2806326 - ETPRO TROJAN Loadmoney.A Checkin 3 (trojan.rules)
2806385 - ETPRO TROJAN Loadmoney.A Checkin 4 (trojan.rules)
2807004 - ETPRO TROJAN Loadmoney.A Checkin 6 (trojan.rules)
2807025 - ETPRO TROJAN Loadmoney.A Checkin 7 (trojan.rules)
2807235 - ETPRO TROJAN Loadmoney.A Checkin 5 (trojan.rules)
2808508 - ETPRO TROJAN Loadmoney.A Checkin 8 (trojan.rules)
2809822 - ETPRO TROJAN Loadmoney Checkin (trojan.rules)
2810086 - ETPRO TROJAN Win32.Loadmoney Checkin 2 (trojan.rules)
2810094 - ETPRO MALWARE Win32.LoadMoney User Agent (malware.rules)
2810544 - ETPRO TROJAN Loadmoney Checkin 2 (trojan.rules)
2812429 - ETPRO TROJAN Win32/Kryptik.DTJT Downloader GET (trojan.rules)
2812650 - ETPRO MALWARE Win32/Kryptik.DUHH Variant Activity (malware.rules)
2814730 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.EC Checkin (mobile_malware.rules)
2822127 - ETPRO MOBILE_MALWARE Riskware Android/Packed.Jiagu.A Checkin (mobile_malware.rules)
 

Date: Thursday, April 27, 2017 - 00:00