Daily Ruleset Update Summary 2017/06/07

[***]            Summary:            [***]

11 new Open, 30 new Pro (11 + 19). SunDown EK RIP Landing, Win32/IRCBot.AVI, Various Mobile.

Thanks: @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2024353 - ET CURRENT_EVENTS SunDown EK RIP Landing M1 B641 (current_events.rules)
2024354 - ET CURRENT_EVENTS SunDown EK RIP Landing M1 B642 (current_events.rules)
2024355 - ET CURRENT_EVENTS SunDown EK RIP Landing M1 B643 (current_events.rules)
2024356 - ET CURRENT_EVENTS SunDown EK RIP Landing M2 B641 (current_events.rules)
2024357 - ET CURRENT_EVENTS SunDown EK RIP Landing M2 B642 (current_events.rules)
2024358 - ET CURRENT_EVENTS SunDown EK RIP Landing M2 B643 (current_events.rules)
2024359 - ET CURRENT_EVENTS SunDown EK RIP Landing M3 B641 (current_events.rules)
2024360 - ET CURRENT_EVENTS SunDown EK RIP Landing M3 B642 (current_events.rules)
2024361 - ET CURRENT_EVENTS SunDown EK RIP Landing M3 B643 (current_events.rules)
2024362 - ET CURRENT_EVENTS SunDown EK RIP Landing M4 B641 (current_events.rules)
2024363 - ET CURRENT_EVENTS SunDown EK RIP Landing M4 B642 (current_events.rules)

Pro:

2826640 - ETPRO TROJAN HiddenTear Ransomware KKK Variant DNS Lookup (trojan.rules)
2826641 - ETPRO TROJAN HiddenTear Ransomware KKK Variant DNS Lookup (trojan.rules)
2826642 - ETPRO TROJAN Win32/IRCBot.AVI Checkin (trojan.rules)
2826643 - ETPRO TROJAN Win32/IRCBot.AVI Command (Keylog) (trojan.rules)
2826644 - ETPRO TROJAN Win32/IRCBot.AVI Command Complete (Flood) (trojan.rules)
2826645 - ETPRO TROJAN Win32/IRCBot.AVI Command Complete (Keylog) (trojan.rules)
2826646 - ETPRO TROJAN Win32/IRCBot.AVI Command Complete (HTTP DoS) (trojan.rules)
2826647 - ETPRO TROJAN Win32/IRCBot.AVI Command Complete (DDoS) (trojan.rules)
2826648 - ETPRO TROJAN Win32/IRCBot.AVI Joinning IRC Channel (trojan.rules)
2826649 - ETPRO TROJAN MSIL/Unk.RAT CnC Checkin (trojan.rules)
2826650 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 140 (mobile_malware.rules)
2826651 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 141 (mobile_malware.rules)
2826652 - ETPRO CURRENT_EVENTS Successful Facebook Phish Jun 072017 (current_events.rules)
2826653 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 142 (mobile_malware.rules)
2826654 - ETPRO TROJAN APT19 PS Checkin (trojan.rules)
2826655 - ETPRO CURRENT_EVENTS Successful Webhostapp Hosted Generic Phish Jun 072017 (current_events.rules)
2826656 - ETPRO TROJAN Unknown Checkin (trojan.rules)
2826657 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Dingwe.a Checkin 2 (mobile_malware.rules)
2826658 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Dingwe.a SMS/Contact Exfil (mobile_malware.rules)

[///]     Modified active rules:     [///]

2013372 - ET TROJAN Win32/Oliga Fake User Agent (trojan.rules)
2024224 - ET WEB_CLIENT Office Requesting .HTA File Likely CVE-2017-0199 Request (web_client.rules)
2024349 - ET CURRENT_EVENTS SUSPICIOUS DNS Request for Grey Advertising Often Leading to EK (current_events.rules)
2024350 - ET CURRENT_EVENTS SUSPICIOUS Request for Grey Advertising Often Leading to EK (current_events.rules)
2820175 - ETPRO TROJAN Possible Betabot Module Download (trojan.rules)

[---]         Disabled rules:        [---]

2800838 - ETPRO WEB_CLIENT Adobe Shockwave Director tSAC Chunk Parsing Memory Corruption (web_client.rules)
 

Date: Wednesday, June 7, 2017 - 00:00