Daily Ruleset Update Summary 2017/06/06

[***]            Summary:            [***]

2 new Open, 10 new Pro (2 + 8). ETERNALROCKS Module DL, Various Mobile.

Thanks: @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2024351 - ET TROJAN Executioner Ransomware Reporting Infection via SMTP (trojan.rules)
2024352 - ET TROJAN MSIL/Unk.HT-Based Ransomware CnC Checkin (trojan.rules)

Pro:

2826632 - ETPRO MOBILE_MALWARE Android/G5P.BH CnC Beacon (mobile_malware.rules)
2826633 - ETPRO CURRENT_EVENTS Possible ETERNALROCKS .Net Module Download (current_events.rules)
2826634 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic Contact Exfil via SMTP 3 (mobile_malware.rules)
2826635 - ETPRO MALWARE PUP.UnityWebPlugin Checkin (malware.rules)
2826636 - ETPRO CURRENT_EVENTS SocEng Leading to Download June 6 2017 (current_events.rules)
2826637 - ETPRO TROJAN Squiblydoo Scriptlet Download (trojan.rules)
2826638 - ETPRO MALWARE Win32/TrojanDownloader.Banload Post Request (malware.rules)
2826639 - ETPRO TROJAN Malicious SSL certificate detected (PupyRat) (trojan.rules)

[///]     Modified active rules:     [///]

2000347 - ET TROJAN IRC Private message on non-standard port (trojan.rules)
2012981 - ET TROJAN Possible FakeAV Binary Download (Security) (trojan.rules)
2024224 - ET WEB_CLIENT Office Requesting .HTA File Likely CVE-2017-0199 Request (web_client.rules)
2024349 - ET CURRENT_EVENTS SUSPICIOUS DNS Request for Grey Advertising Often Leading to EK (current_events.rules)
2024350 - ET CURRENT_EVENTS SUSPICIOUS Request for Grey Advertising Often Leading to EK (current_events.rules)
2819903 - ETPRO TROJAN App Whitelist Bypass Via Com Scriptlet Inbound (trojan.rules)
2820175 - ETPRO TROJAN Possible Betabot Module Download (trojan.rules)
2821014 - ETPRO WEB_CLIENT suspicious .CAB containing single executable file (observed in maldoc campaign) (web_client.rules)
2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
2826441 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 4 (mobile_malware.rules)
2826589 - ETPRO TROJAN Win32/Neshta.A Download Request (trojan.rules)

[---]         Removed rules:         [---]

2803698 - ETPRO TROJAN Backdoor.Win32.Protux.B Checkin 2 (trojan.rules)

Date: Tuesday, June 6, 2017 - 00:00