Daily Ruleset Update Summary 2017/06/30

[***]            Summary:            [***]

5 new Open, 30 new Pro (5 + 25). Formbook 0.3, TTIger Tech Keylogger, Various Phishing, Various Mobile.

Thanks: @abuse_ch

[+++]          Added rules:          [+++]

Open:

2024436 - ET TROJAN Formbook 0.3 Checkin (trojan.rules)
2024437 - ET TROJAN ABUSE.CH Ransomware Domain Detected (Locky C2) (trojan.rules)
2024438 - ET TROJAN ABUSE.CH Ransomware Domain Detected (Locky C2) (trojan.rules)
2024439 - ET TROJAN ABUSE.CH Ransomware/Cerber Onion Domain Lookup (trojan.rules)
2024440 - ET TROJAN ABUSE.CH Ransomware/Cerber Onion Domain Lookup (trojan.rules)

Pro:

2826955 - ETPRO TROJAN TTIger Tech Keylogger Reporting Infection via SMTP (trojan.rules)
2826956 - ETPRO TROJAN XMRig CoinMiner Known Malicious Stratum Authline (trojan.rules)
2826957 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 163 (mobile_malware.rules)
2826958 - ETPRO MOBILE_MALWARE Android/Spy.Agent.WH Checkin (mobile_malware.rules)
2826959 - ETPRO TROJAN Unknown Checkin (trojan.rules)
2826960 - ETPRO TROJAN Unknown Checkin 2 (trojan.rules)
2826961 - ETPRO CURRENT_EVENTS Successful iCloud Phish - POST to Title over non SSL (current_events.rules)
2826962 - ETPRO CURRENT_EVENTS Successful Google Docs Phish - POST to Title over non SSL (current_events.rules)
2826963 - ETPRO CURRENT_EVENTS Successful Docusign Phish - POST to Title over non SSL (current_events.rules)
2826964 - ETPRO CURRENT_EVENTS Successful Dropbox Phish - POST to Title over non SSL (current_events.rules)
2826965 - ETPRO CURRENT_EVENTS Successful Alibaba Phish - POST to Title over non SSL (current_events.rules)
2826966 - ETPRO CURRENT_EVENTS Successful Yahoo Phish - POST to Title over non SSL (current_events.rules)
2826967 - ETPRO CURRENT_EVENTS Successful Paypal Phish - POST to Title over non SSL (current_events.rules)
2826968 - ETPRO CURRENT_EVENTS Successful Excel Online Phish - POST to Title over non SSL (current_events.rules)
2826969 - ETPRO CURRENT_EVENTS Successful Free Mobile Phish - POST to Title over non SSL (current_events.rules)
2826970 - ETPRO CURRENT_EVENTS Successful AOL Mail Phish - POST to Title over non SSL (current_events.rules)
2826971 - ETPRO CURRENT_EVENTS Successful OWA Mail Phish - POST to Title over non SSL (current_events.rules)
2826972 - ETPRO CURRENT_EVENTS Successful OWA Mail Phish - POST to Title over non SSL (current_events.rules)
2826973 - ETPRO CURRENT_EVENTS Successful Facebook Help Center Phish - POST to Title over non SSL (current_events.rules)
2826974 - ETPRO CURRENT_EVENTS Successful Yahoo Phish - POST to Title over non SSL (current_events.rules)
2826975 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish - POST to Title over non SSL (current_events.rules)
2826976 - ETPRO CURRENT_EVENTS Successful DHL Phish - POST to Title over non SSL (current_events.rules)
2826977 - ETPRO CURRENT_EVENTS Successful Adobe ID Phish - POST to Title over non SSL (current_events.rules)
2826978 - ETPRO CURRENT_EVENTS Successful Facebook Phish - POST to Title over non SSL (current_events.rules)
2826979 - ETPRO CURRENT_EVENTS Successful Dropbox Phish - POST to Title over non SSL (current_events.rules)

[///]     Modified active rules:     [///]

2012063 - ET EXPLOIT Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (CVE-2009-3103) (exploit.rules)
2812980 - ETPRO MOBILE_MALWARE Android.Trojan.Damruved.A Checkin (mobile_malware.rules)
2825562 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (ll) (trojan.rules)
2825564 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) (trojan.rules)
2826105 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (li) (trojan.rules)

[---]         Removed rules:         [---]

2824187 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Faketoken.c Checkin (mobile_malware.rules)

Date: Friday, June 30, 2017 - 00:00