Daily Ruleset Update Summary 2017/07/17

[***]            Summary:            [***]

1 new Open, 37 new Pro (1 + 36). Reyptson|Erebus Ransomware, AlinaPOS, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024469 - ET TROJAN Observed Malicious DNS Query (Reyptson Ransomware CnC) (trojan.rules)

Pro:

2827147 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jul 17 2017 (current_events.rules)
2827148 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jul 17 2017 (current_events.rules)
2827149 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 2) (trojan.rules)
2827150 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 3) (trojan.rules)
2827151 - ETPRO TROJAN Erebus Ransomware Onion Domain (gbe0 . top) (trojan.rules)
2827152 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 4) (trojan.rules)
2827153 - ETPRO CURRENT_EVENTS Successful Generic Phish Jul 17 2017 (current_events.rules)
2827154 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS July 16 2017 (current_events.rules)
2827155 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 177 (mobile_malware.rules)
2827156 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 178 (mobile_malware.rules)
2827157 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS July 16 2017 2 (current_events.rules)
2827158 - ETPRO TROJAN Win32/Banload.VXC CnC Activity (trojan.rules)
2827159 - ETPRO MALWARE Win32/Catalina PUA Downloader Checkin (malware.rules)
2827160 - ETPRO MALWARE Win32/Catalina PUA Downloader Retrieving Payload (Citrio) (malware.rules)
2827161 - ETPRO TROJAN Win32/FileCoder.Philadelphia DNS Query (trojan.rules)
2827162 - ETPRO POLICY DNS Query to .onion proxy Domain (grams . site) (policy.rules)
2827163 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . dog) (policy.rules)
2827164 - ETPRO TROJAN DNS Query to TorrentLocker Domain (jhfuhkg . pl) (trojan.rules)
2827165 - ETPRO TROJAN Erebus Ransomware Onion Domain (trojan.rules)
2827166 - ETPRO TROJAN Erebus Ransomware Onion Domain (trojan.rules)
2827167 - ETPRO TROJAN AlinaPOS Checkin 1 (trojan.rules)
2827168 - ETPRO TROJAN AlinaPOS Checkin 2 (trojan.rules)
2827169 - ETPRO TROJAN AlinaPOS IP Check (whatismyipaddress .com) (trojan.rules)
2827170 - ETPRO CURRENT_EVENTS Erebus Infected Site (current_events.rules)
2827171 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BDG Checkin (mobile_malware.rules)
2827172 - ETPRO TROJAN Win32.Snojan.bojb Version Check (trojan.rules)
2827173 - ETPRO TROJAN Zyklon Malicious Domain in SNI Observed (trojan.rules)
2827174 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 1) (trojan.rules)
2827175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 2) (trojan.rules)
2827176 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 3) (trojan.rules)
2827177 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 4) (trojan.rules)
2827178 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 5) (trojan.rules)
2827179 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 6) (trojan.rules)
2827180 - ETPRO CURRENT_EVENTS Successful Tesco Bank Phish (set) Jul 17 2017 (current_events.rules)
2827181 - ETPRO CURRENT_EVENTS Successful Tesco Bank Phish Jul 17 2017 (current_events.rules)
2827182 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 4 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2013508 - ET TROJAN Downloader User-Agent HTTPGET (trojan.rules)
2024392 - ET CURRENT_EVENTS Possible Excel Online Phishing Landing - Title over non SSL (current_events.rules)
2024442 - ET TROJAN Tinba Banker CnC Response (trojan.rules)
2024454 - ET TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-11 1) (trojan.rules)
2814241 - ETPRO CURRENT_EVENTS Successful Alibaba Credential Phish Oct 5 2015 (current_events.rules)
2815781 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jan 14 2016 (current_events.rules)
2820061 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish May 4 (current_events.rules)
2822286 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sept 28 2016 (current_events.rules)
2822292 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Sept 29 2016 (current_events.rules)
2822310 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sept 29 2016 (current_events.rules)
2822347 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Oct 3 2016 (current_events.rules)
2822713 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 18 2016 (current_events.rules)
2822891 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 26 2016 (current_events.rules)
2822982 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 28 2016 (current_events.rules)
2823272 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Nov 15 2016 (current_events.rules)
2823639 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 05 2016 (current_events.rules)
2823904 - ETPRO CURRENT_EVENTS Successful Amazon (FR) Phish Dec 15 2016 (current_events.rules)
2823969 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Dec 20 2016 (current_events.rules)
2825120 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . casa) (policy.rules)
2825649 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . fi) (policy.rules)
2827010 - ETPRO TROJAN Win32/Vortex Ransomware Domain in SNI (trojan.rules)
2827139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 1) (trojan.rules)

[---]  Disabled and modified rules:  [---]

2823482 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Nov 28 2016 (current_events.rules)

[---]         Disabled rules:        [---]

2023487 - ET CURRENT_EVENTS Successful Tesco Bank Phish M1 Nov 08 2016 (current_events.rules)
2814663 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Oct 29 (current_events.rules)
2814899 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Nov 12 (current_events.rules)
2821631 - ETPRO CURRENT_EVENTS Successful Adobe/Excel Phish Aug 12 2016 (current_events.rules)
2822661 - ETPRO CURRENT_EVENTS Successful Alibaba Phish M1 Oct 17 2016 (current_events.rules)
2822667 - ETPRO CURRENT_EVENTS Successful Alibaba Phish M2 Oct 17 2016 (current_events.rules)
2822811 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 21 2016 (current_events.rules)
2822843 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 24 2016 (current_events.rules)
2823434 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Nov 22 2016 (current_events.rules)
2823909 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Dec 15 2016 (current_events.rules)
2826462 - ETPRO CURRENT_EVENTS Successful Google Drive Phish May 22 2017 (current_events.rules)

Date: Monday, July 17, 2017 - 00:00