Daily Ruleset Update Summary 2017/06/26

[***]            Summary:            [***]

4 new Open, 37 new Pro (4 + 33). OceanLotus, Naoinstalad, Chthonic, Various Phishing, Various Mobile.

Thanks: MS-iSAC (@cisecurity)

[+++]          Added rules:          [+++]

Open:

2024425 - ET TROJAN OSX OceanLotus Checkin (trojan.rules)
2024426 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a CnC Beacon (mobile_malware.rules)
2024427 - ET TROJAN Naoinstalad Checkin (trojan.rules)
2024428 - ET TROJAN Powershell/Unknown CnC Checkin (trojan.rules)

Pro:

2826860 - ETPRO CURRENT_EVENTS Successful Adobe ID Phish Jun 26 2017 (current_events.rules)
2826861 - ETPRO CURRENT_EVENTS Successful American Express Phish Jun 26 2017 (current_events.rules)
2826862 - ETPRO CURRENT_EVENTS Successful American Express Phish M1 Jun 26 2017 (current_events.rules)
2826863 - ETPRO CURRENT_EVENTS Successful American Express Phish M2 Jun 26 2017 (current_events.rules)
2826864 - ETPRO CURRENT_EVENTS Successful American Express Phish M3 Jun 26 2017 (current_events.rules)
2826865 - ETPRO CURRENT_EVENTS Successful American Express Phish M4 Jun 26 2017 (current_events.rules)
2826866 - ETPRO TROJAN W32.Unknown Checkin (trojan.rules)
2826867 - ETPRO CURRENT_EVENTS Successful Apple ID Phish Jun 26 2017 (current_events.rules)
2826868 - ETPRO CURRENT_EVENTS Successful ATT Phish Jun 26 2017 (current_events.rules)
2826869 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish Jun 26 2017 (current_events.rules)
2826870 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ay SMS Exfil (mobile_malware.rules)
2826871 - ETPRO TROJAN Chthonic Zip/JS Download Attempt (trojan.rules)
2826872 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Jun 26 2017 (current_events.rules)
2826873 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 159 (mobile_malware.rules)
2826874 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 160 (mobile_malware.rules)
2826875 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Jun 26 2017 (current_events.rules)
2826876 - ETPRO CURRENT_EVENTS Successful Santander Phish M3 Jun 26 2017 (current_events.rules)
2826877 - ETPRO TROJAN Win32/Androm.nmwm Reporting Infection via SMTP (trojan.rules)
2826878 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jun 26 2017 (current_events.rules)
2826879 - ETPRO TROJAN Win32/Alureon CnC Beacon (trojan.rules)
2826880 - ETPRO MALWARE Win32/Packed.FlyStudio.AA CnC Beacon (malware.rules)
2826881 - ETPRO CURRENT_EVENTS Possible Successful Generic Brasil Banking Phish Jun 26 2017 (current_events.rules)
2826882 - ETPRO CURRENT_EVENTS Successful Santander Phish M4 Jun 26 2017 (current_events.rules)
2826883 - ETPRO CURRENT_EVENTS Successful Santander Phish M5 Jun 26 2017 (current_events.rules)
2826884 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 12 (mobile_malware.rules)
2826885 - ETPRO CURRENT_EVENTS Successful Santander Phish M6 Jun 26 2017 (current_events.rules)
2826886 - ETPRO CURRENT_EVENTS Successful Santander Phish M7 Jun 26 2017 (current_events.rules)
2826887 - ETPRO CURRENT_EVENTS Successful Santander Phish M8 Jun 26 2017 (current_events.rules)
2826888 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jun 26 2017 (current_events.rules)
2826889 - ETPRO TROJAN Win32.Cybergate RAT SQLite DL (trojan.rules)
2826890 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jun 26 2017 (current_events.rules)
2826891 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Jun 26 2017 (current_events.rules)
2826892 - ETPRO CURRENT_EVENTS Successful Paypal Phish (DE) Jun 26 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2013290 - ET POLICY MOBILE Apple device leaking UDID from SpringBoard via GET (policy.rules)
2023553 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin (mobile_malware.rules)
2803760 - ETPRO TROJAN Worm.Win32.AutoTsifiri.n DNS Tunnel (trojan.rules)
2825226 - ETPRO TROJAN Helminth/Oilrig CnC Beacon 2 (trojan.rules)
2826593 - ETPRO TROJAN Possible Chthonic DNS Lookup (trojan.rules)
2826837 - ETPRO TROJAN KaroCrypt Ransomware Onion Domain (trojan.rules)
2826840 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP (mobile_malware.rules)
2826842 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP 3 (mobile_malware.rules)

Date: Monday, June 26, 2017 - 00:00