Daily Ruleset Update Summary 2017/05/03

[***]            Summary:            [***]

4 new Open, 33 new Pro (the 4 Open rules + 29 Pro-only). Casper/LEAD DNS Lookup, KONNI, Google App Oauth Phish, Various Mobile

Thanks: @_k4b00m_, MS-ISAC (@CISecurity)

[+++]          Added rules:          [+++]

Open:

2024266 - ET CURRENT_EVENTS Successful Google App Oauth Phish M1 Mar 3 2017 (current_events.rules)
2024267 - ET CURRENT_EVENTS Successful Google App Oauth Phish M2 Mar 3 2017 (current_events.rules)
2024268 - ET CURRENT_EVENTS Successful Google App Oauth Phish M3 Mar 3 2017 (current_events.rules)
2024269 - ET CURRENT_EVENTS Successful Google App Oauth Phish M4 Mar 3 2017 (current_events.rules)

Pro:

2826215 - ETPRO TROJAN Win32/TrojanDownloader.Delf.BQI Checkin (trojan.rules)
2826216 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826217 - ETPRO TROJAN MSIL/Hidden-Tear Variant Ransomware (Lockify) CnC Checkin (trojan.rules)
2826218 - ETPRO TROJAN MSIL/Hidden-Tear Variant CnC Checkin (trojan.rules)
2826219 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826220 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826221 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826222 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826223 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826224 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826225 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826226 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826227 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826228 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826229 - ETPRO TROJAN Possible TorrentLocker Connectivity Check 1 (trojan.rules)
2826230 - ETPRO TROJAN Possible TorrentLocker Connectivity Check 2 (trojan.rules)
2826231 - ETPRO TROJAN Possible TorrentLocker Connectivity Check 3 (trojan.rules)
2826232 - ETPRO TROJAN Unknown Stealer Checkin 2 (trojan.rules)
2826233 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 2 (mobile_malware.rules)
2826234 - ETPRO POLICY Known Vulnerable Intel AMT Version Detected Outbound (policy.rules)
2826235 - ETPRO SCAN Possible Intel AMT Login Attempt Detected (scan.rules)
2826236 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey Contact Exfil via SMTP (mobile_malware.rules)
2826237 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil via SMTP (mobile_malware.rules)
2826238 - ETPRO MALWARE MSIL/PipOffers Adware/PUP Activity (malware.rules)
2826239 - ETPRO MALWARE Observed Adware/PUP User-Agent (OfferCast) (malware.rules)
2826240 - ETPRO TROJAN KONNI Checkin (trojan.rules)
2826241 - ETPRO TROJAN KONNI Retrieving Payload (trojan.rules)
2826242 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 5 (mobile_malware.rules)
2826243 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 6 (mobile_malware.rules)

[///]     Modified active rules:     [///]

Addition of "former_category" metadata modified more than 2000 rules. Full list here:
https://rules.emergingthreats.net/changelogs/suricata-1.3-enhanced.etpro.2017-05-03T21:19:44.txt

Date: 
Wednesday, May 3, 2017 - 00:00