Daily Ruleset Update Summary 2017/06/23

[***]            Summary:            [***]

5 new Open, 30 new Pro (5 + 25). x0Proto, KaroCrypt Domain, Various Mobile.

Thanks: @lowson

[+++]          Added rules:          [+++]

Open:

2024420 - ET TROJAN MalDoc Retrieving Malicious Payload (Possibly Ursnif) (trojan.rules)
2024421 - ET ATTACK_RESPONSE Possible BeEF HTTP Headers Inbound (attack_response.rules)
2024422 - ET CURRENT_EVENTS Amazon Phish Landing Jun 22 (current_events.rules)
2024423 - ET TROJAN x0Proto File Contents Exfil Request (trojan.rules)
2024424 - ET TROJAN x0Proto File Info Request (trojan.rules)

Pro:

2826835 - ETPRO MOBILE_MALWARE Android/Clicker.HA Checkin (mobile_malware.rules)
2826836 - ETPRO MOBILE_MALWARE Android/Clicker.HA Checkin 2 (mobile_malware.rules)
2826837 - ETPRO TROJAN KaroCrypt Ransomware Onion Domain (trojan.rules)
2826838 - ETPRO CURRENT_EVENTS Magnitude EK (magnigate) Jun 23 2017 (current_events.rules)
2826839 - ETPRO TROJAN Win32/Unk.Dropper Checkin (trojan.rules)
2826840 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP (mobile_malware.rules)
2826841 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2826842 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP 3 (mobile_malware.rules)
2826843 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 8 (mobile_malware.rules)
2826844 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Contact Exfil via SMTP 6 (mobile_malware.rules)
2826845 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 8 (mobile_malware.rules)
2826846 - ETPRO TROJAN Win32/Mail.ru Downloader PUA (trojan.rules)
2826847 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 157 (mobile_malware.rules)
2826848 - ETPRO TROJAN DNS Query to Cerber Domain (15qq4s . top) (trojan.rules)
2826849 - ETPRO TROJAN DNS Query to Cerber Domain (asd3r3 . win) (trojan.rules)
2826850 - ETPRO TROJAN DNS Query to Cerber Domain (16l1zt . top) (trojan.rules)
2826851 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 158 (mobile_malware.rules)
2826852 - ETPRO TROJAN DNS Query to Cerber Domain (1gy9bo . top) (trojan.rules)
2826853 - ETPRO TROJAN DNS Query to Cerber Domain (17rm9b . top) (trojan.rules)
2826854 - ETPRO TROJAN DNS Query to Cerber Domain (1apgrn . top) (trojan.rules)
2826855 - ETPRO TROJAN DNS Query to Cerber Domain (1k6bas . top) (trojan.rules)
2826856 - ETPRO TROJAN DNS Query to Cerber Domain (o8hpwj . top) (trojan.rules)
2826857 - ETPRO TROJAN DNS Query to Cerber Domain (1azkux . top) (trojan.rules)
2826858 - ETPRO TROJAN DNS Query to Cerber Domain (12uzfa . top) (trojan.rules)
2826859 - ETPRO TROJAN DNS Query to Cerber Domain (179tnk . top) (trojan.rules)

[///]     Modified active rules:     [///]

2808934 - ETPRO MOBILE_MALWARE Android.Trojan.AgentSpy.P SMS Exfil (mobile_malware.rules)
2825132 - ETPRO TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
2826834 - ETPRO MALWARE Downloader.NSIS.AdLoad Activity (malware.rules)
 

Date: Friday, June 23, 2017 - 00:00