Daily Ruleset Update Summary 2017/05/04

[***]            Summary:            [***]

15 new Open, 21 new Pro (15 + 6). Kazuar, Turla Snake OSX DNS Lookup, Emotet, OzazaLocker, Various Mobile

Thanks: Kevin Ross, @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2024270 - ET TROJAN Kazuar CnC Beacon (trojan.rules)
2024271 - ET TROJAN Turla Snake OSX DNS Lookup (car-service .effers.com) (trojan.rules)
2024272 - ET TROJAN W32.Geodo/Emotet Checkin (trojan.rules)
2024273 - ET TROJAN SuperCMD CnC Beacon (trojan.rules)
2024274 - ET TROJAN W32/Emotet CnC Beacon 1 (trojan.rules)
2024275 - ET TROJAN W32/Emotet CnC Beacon 2 (trojan.rules)
2024276 - ET TROJAN MSIL/OzazaLocker Ransomware CnC Checkin (trojan.rules)

Pro:

2826248 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 2 (mobile_malware.rules)
2826249 - ETPRO MOBILE_MALWARE Android ShadowTDS Response (mobile_malware.rules)
2826250 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 2 (mobile_malware.rules)
2826251 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 3 (mobile_malware.rules)
2826252 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Reporting via SMTP 2 (mobile_malware.rules)
2826253 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac SMS Exfil via SMTP 2 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2825135 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac SMS Exfil via SMTP (mobile_malware.rules)

[---]         Removed rules:         [---]

2823570 - ETPRO TROJAN W32.Geodo/Emotet Checkin (trojan.rules)
 

Date: Thursday, May 4, 2017 - 00:00