Daily Ruleset Update Summary 2017/06/27

[***]            Summary:            [***]

3 new Open, 17 new Pro (3 + 14). Petya Ransomware via ETERNALBLUE Exploit M3 MS17-010, Nomri, Various Phishing, Various Mobile.

Thanks: @MalwareKiwi, @clowson

[+++]          Added rules:          [+++]

Open:

2012063 - ET EXPLOIT Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (CVE-2009-3103) (exploit.rules)
2024429 - ET TROJAN Unknown NetworkWorm Checkin (trojan.rules)
2024430 - ET CURRENT_EVENTS Possible ETERNALBLUE Exploit M3 MS17-010 (current_events.rules)

Pro:

2826893 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jun 27 2017 (current_events.rules)
2826894 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Jun 27 2017 (current_events.rules)
2826895 - ETPRO TROJAN AgentTesla Sending Screenshot via SMTP (trojan.rules)
2826896 - ETPRO TROJAN Win32/InstallCore CnC Activity (trojan.rules)
2826897 - ETPRO CURRENT_EVENTS Phantom Phishing Landing (Various Brands) Jun 27 2017 (current_events.rules)
2826898 - ETPRO CURRENT_EVENTS Possible Successful Phantom Phish (Various Brands) Jun 27 2017 (current_events.rules)
2826899 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 161 (mobile_malware.rules)
2826900 - ETPRO TROJAN Nomri (Cmstar related) SSL Cert (trojan.rules)
2826901 - ETPRO MOBILE_MALWARE Android Trojan-Spy Unknown Contact/SMS Exfil (mobile_malware.rules)
2826902 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.if Contact Exfil via SMTP (mobile_malware.rules)
2826903 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.if SMS Exfil via SMTP (mobile_malware.rules)
2826904 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.fe SMS/Contact Exfil via SMTP (mobile_malware.rules)
2826905 - ETPRO CURRENT_EVENTS Capital One Phishing Landing Jun 28 2017 (current_events.rules)
2826906 - ETPRO CURRENT_EVENTS Successful Capital One Phish Jun 28 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2012328 - ET MALWARE All Numerical .ru Domain Lookup Likely Malware Related (malware.rules)
2012649 - ET MALWARE All Numerical .ru Domain HTTP Request Likely Malware Related (malware.rules)
2822890 - ETPRO TROJAN W32.Cerber Ransomware README.hta HTTP Referer (trojan.rules)
2826787 - ETPRO TROJAN Unknown Targeted MSIL Payload CnC Beacon (trojan.rules)
2826877 - ETPRO TROJAN AgentTesla Reporting Infection via SMTP (trojan.rules)

[---]         Removed rules:         [---]

2012063 - ET NETBIOS Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (netbios.rules)

Date: Tuesday, June 27, 2017 - 00:00