Daily Ruleset Update Summary 2017/07/06

[***]            Summary:            [***]

2 new Open, 33 new Pro (2 + 31). Dukey PUA, Various Phishing, Various Mobile.

Thanks: @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2024297 - ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 (exploit.rules)
2024430 - ET EXPLOIT Possible ETERNALBLUE Exploit M3 MS17-010 (exploit.rules)

Pro:

2827005 - ETPRO TROJAN W32.DriverPack PUP Checkin (trojan.rules)
2827006 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 169 (mobile_malware.rules)
2827007 - ETPRO MALWARE Dukey PUA Checkin (malware.rules)
2827008 - ETPRO TROJAN MSIL/TeleBot.Backdoor Beacon To CnC (trojan.rules)
2827009 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil via SMTP 3 (mobile_malware.rules)
2827010 - ETPRO TROJAN Win32/Filecoder.FF Ransomware Domain in SNI (trojan.rules)
2827011 - ETPRO TROJAN DNS Query to Cerber Domain (1ewuh5 . top) (trojan.rules)
2827012 - ETPRO TROJAN DNS Query to Cerber Domain (1ltyev . top) (trojan.rules)
2827013 - ETPRO TROJAN DNS Query to Cerber Domain (18dwag . top) (trojan.rules)
2827014 - ETPRO TROJAN DNS Query to Cerber Domain (1jyrty . top) (trojan.rules)
2827015 - ETPRO TROJAN DNS Query to Cerber Domain (1t2jhk . top) (trojan.rules)
2827016 - ETPRO TROJAN DNS Query to Cerber Domain (18ggbf . top) (trojan.rules)
2827017 - ETPRO TROJAN DNS Query to Cerber Domain (16umxg . top) (trojan.rules)
2827018 - ETPRO TROJAN DNS Query to Cerber Domain (17ipn9 . top) (trojan.rules)
2827019 - ETPRO TROJAN DNS Query to Cerber Domain (1cgbcv . top) (trojan.rules)
2827020 - ETPRO TROJAN DNS Query to Cerber Domain (1gyvrz . top) (trojan.rules)
2827021 - ETPRO TROJAN DNS Query to Cerber Domain (1e47tj . top) (trojan.rules)
2827022 - ETPRO TROJAN DNS Query to Cerber Domain (1e1y8p . top) (trojan.rules)
2827023 - ETPRO TROJAN DNS Query to Cerber Domain (1blery . top) (trojan.rules)
2827024 - ETPRO TROJAN DNS Query to Cerber Domain (1kjhhf . top) (trojan.rules)
2827025 - ETPRO TROJAN DNS Query to Cerber Domain (15ezkm . top) (trojan.rules)
2827026 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827027 - ETPRO TROJAN Unknown CnC Beacon (trojan.rules)
2827028 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic Contact Exfil via SMTP 5 (mobile_malware.rules)
2827029 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS Exfil via SMTP 4 (mobile_malware.rules)
2827030 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2827031 - ETPRO CURRENT_EVENTS Successful Chase Phish Jul 06 2017 (current_events.rules)
2827032 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jul 06 2017 (current_events.rules)
2827033 - ETPRO CURRENT_EVENTS Successful ING Phish Jul 06 2017 (current_events.rules)
2827034 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 06 2017 (current_events.rules)
2827035 - ETPRO CURRENT_EVENTS Successful CenturyLink Phish Jul 06 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2826866 - ETPRO TROJAN W32.Unknown Checkin (trojan.rules)
2826880 - ETPRO MALWARE Win32/Packed.FlyStudio.AA CnC Beacon (malware.rules)

[---]         Removed rules:         [---]

2024297 - ET CURRENT_EVENTS ETERNALBLUE Exploit M2 MS17-010 (current_events.rules)
2024430 - ET CURRENT_EVENTS Possible ETERNALBLUE Exploit M3 MS17-010 (current_events.rules)
 

Date: Thursday, July 6, 2017 - 00:00