Daily Ruleset Update Summary 2017/06/05

[***]            Summary:            [***]

3 new Open, 25 new Pro (3 + 22). RoughTed, Win32/Fireball, SocEng IE/Edge ArialFont DL, Various Phishing, Various Mobile.

Thanks: MS-iSAC (@CISecurity)

[+++]          Added rules:          [+++]

Open:

2024348 - ET TROJAN Win32/Fireball Activity (trojan.rules)
2024349 - ET CURRENT_EVENTS Observed DNS Query for RoughTed Malvertising Domain (current_events.rules)
2024350 - ET CURRENT_EVENTS RoughTed Malvertising Request (current_events.rules)

Pro:

2826589 - ETPRO TROJAN Win32/Neshta.A Download Request (trojan.rules)
2826611 - ETPRO CURRENT_EVENTS Blockchain Phishing Landing Jun 02 2017 (current_events.rules)
2826612 - ETPRO CURRENT_EVENTS Successful Blockchain Phish Jun 02 2017 (current_events.rules)
2826613 - ETPRO TROJAN ColorFish Requesting Main Payload (trojan.rules)
2826614 - ETPRO TROJAN ColorFish CnC Checkin (trojan.rules)
2826615 - ETPRO TROJAN ColorFish Requesting Additional Modules (trojan.rules)
2826616 - ETPRO TROJAN ColorFish CnC Beacon (trojan.rules)
2826617 - ETPRO CURRENT_EVENTS Successful iCloud Phish Jun 04 2017 (current_events.rules)
2826618 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 138 (mobile_malware.rules)
2826619 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 139 (mobile_malware.rules)
2826620 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rymner.f CnC Beacon (mobile_malware.rules)
2826621 - ETPRO CURRENT_EVENTS Free Airfare Phish Landing Response June 05 2017 (current_events.rules)
2826622 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M1 Jun 05 2017 (current_events.rules)
2826623 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M2 Jun 05 2017 (current_events.rules)
2826624 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon (mobile_malware.rules)
2826625 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 2 (mobile_malware.rules)
2826626 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 3 (mobile_malware.rules)
2826627 - ETPRO CURRENT_EVENTS Evil Redirector Leading to RigEK Jun 05 2017 (current_events.rules)
2826628 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Tupgad.a CnC Beacon (mobile_malware.rules)
2826629 - ETPRO TROJAN Unk.Miner Checkin (trojan.rules)
2826630 - ETPRO CURRENT_EVENTS Possible SocEng IE/Edge ArialFont DL Jun 05 M1 (current_events.rules)
2826631 - ETPRO TROJAN Malicious JS SSL Certificate Detected (trojan.rules)

[///]     Modified active rules:     [///]

2019378 - ET TROJAN Gozi Checkin (trojan.rules)
2805133 - ETPRO TROJAN Win32/Zegost.Z CnC Traffic (trojan.rules)
2807357 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.SD Checkin (mobile_malware.rules)
2819903 - ETPRO TROJAN App Whitelist Bypass Via Com Scriptlet Inbound (trojan.rules)
2826508 - ETPRO MALWARE Win32.EoRezo.AB Checkin (malware.rules)

[---]         Removed rules:         [---]

2826589 - ETPRO MALWARE MSIL/TrojanDropper.Agent Download Request (malware.rules)
 

Date: Monday, June 5, 2017 - 00:00