Daily Ruleset Update Summary 2017/05/18

[***]            Summary:            [***]

3 new Open, 16 new Pro (3 + 13). ASPC Bot, EasyLocker, Loki Bot, Adylkuzz CnC, Various Mobile.

Thanks: Kevin Ross

[+++]          Added rules:          [+++]

Open:

2024320 - ET TROJAN MSIL/EasyLocker Ransomware CnC Activity (trojan.rules)
2024321 - ET TROJAN Win32/ASPC Bot CnC Checkin M2 (trojan.rules)
2024322 - ET TROJAN Win32/ASPC Bot CnC Checkin M1 (trojan.rules)

Pro:

2826431 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ay SMS Exfil 3 (mobile_malware.rules)
2826432 - ETPRO TROJAN Unknown Backdoor Request May 17 2017 (trojan.rules)
2826433 - ETPRO TROJAN GhostAdmin/KeyTrap/BlakStar Requesting Config M1 (trojan.rules)
2826434 - ETPRO TROJAN GhostAdmin/KeyTrap/BlakStar Requesting Config M2 (trojan.rules)
2826435 - ETPRO TROJAN APT.Enfal SSL Cert - Downloaded by Cmstar (trojan.rules)
2826436 - ETPRO TROJAN Steam PWS CnC Checkin (trojan.rules)
2826437 - ETPRO TROJAN Observed Malicious SSL Cert (Orcus RAT) (trojan.rules)
2826438 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 120 (mobile_malware.rules)
2826439 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2826440 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ar SMS Exfil via SMTP (mobile_malware.rules)
2826441 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 4 (mobile_malware.rules)
2826443 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 5 (mobile_malware.rules)
2826444 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 6 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2022006 - ET TROJAN Agent Tesla Keylogger Report SMTP (trojan.rules)
2024291 - ET TROJAN Possible WannaCry DNS Lookup 1 (trojan.rules)
2024293 - ET TROJAN Possible WannaCry DNS Lookup 2 (trojan.rules)
2024294 - ET TROJAN Possible WannaCry DNS Lookup 3 (trojan.rules)
2024295 - ET TROJAN Possible WannaCry DNS Lookup (trojan.rules)
2024296 - ET TROJAN Possible WannaCry DNS Lookup (trojan.rules)
 

Date: Thursday, May 18, 2017 - 00:00