Daily Ruleset Update Summary 2017/07/18

[***]            Summary:            [***]

2 new Open, 31 new Pro (2 + 29). ClipBanker.BX, TeslaWare Ransomware, Various Phishing, Various Mobile.

Thanks: @rmkml, @ProtectWise

[+++]          Added rules:          [+++]

Open:

2024470 - ET INFO HTTP POST to Free Webhost - Possible Successful Phish (site40 .net) Jul 18 2017 (info.rules)
2024471 - ET TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-17 7) (trojan.rules)

Pro:

2827183 - ETPRO CURRENT_EVENTS Successful Tesco Phish (set) M1 Jul 18 2017 (current_events.rules)
2827184 - ETPRO CURRENT_EVENTS Successful Tesco Phish (set) M2 Jul 18 2017 (current_events.rules)
2827185 - ETPRO CURRENT_EVENTS Successful Tesco Phish (set) M3 Jul 18 2017 (current_events.rules)
2827186 - ETPRO CURRENT_EVENTS Successful Tesco Phish (set) M4 Jul 18 2017 (current_events.rules)
2827187 - ETPRO TROJAN MSIL/ClipBanker.BX CnC Checkin M2 (trojan.rules)
2827188 - ETPRO POLICY External IP Address Lookup (utrace .de) (policy.rules)
2827189 - ETPRO TROJAN MSIL/TeslaWare Ransomware Requesting Image (trojan.rules)
2827190 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2827191 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2827192 - ETPRO MOBILE_MALWARE ANDROIDOS_GHOSTCTRL Activity 1 (mobile_malware.rules)
2827193 - ETPRO MOBILE_MALWARE ANDROIDOS_GHOSTCTRL Activity 2 (mobile_malware.rules)
2827194 - ETPRO MOBILE_MALWARE ANDROIDOS_GHOSTCTRL Activity 3 (mobile_malware.rules)
2827195 - ETPRO MOBILE_MALWARE ANDROIDOS_GHOSTCTRL Activity 4 (mobile_malware.rules)
2827196 - ETPRO MOBILE_MALWARE ANDROIDOS_GHOSTCTRL Activity 5 (mobile_malware.rules)
2827197 - ETPRO CURRENT_EVENTS Successful Postepay Phish Jul 18 2017 (current_events.rules)
2827198 - ETPRO CURRENT_EVENTS Successful Generic Phish - Redirect to Google Jul 18 2017 (current_events.rules)
2827199 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 179 (mobile_malware.rules)
2827200 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Jul 18 2017 (current_events.rules)
2827201 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Jul 18 2017 (current_events.rules)
2827202 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Proofpoint Phishing (trojan.rules)
2827203 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 180 (mobile_malware.rules)
2827204 - ETPRO TROJAN Observed DNS Query to Known Win32/Ardamax Keylogger CnC Domain (trojan.rules)
2827205 - ETPRO MALWARE AdWare.InstallerWrapper CnC Checkin (malware.rules)
2827206 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (perefacki . eu) (trojan.rules)
2827207 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (morefitggr . eu) (trojan.rules)
2827208 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (salemalertoy . eu) (trojan.rules)
2827209 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (kuseyambar . eu) (trojan.rules)
2827210 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (bokergrop . eu) (trojan.rules)
2827211 - ETPRO TROJAN Win32/Harmony.A Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2021195 - ET POLICY Possible External IP Lookup whoer.net (policy.rules)
2023472 - ET POLICY OpenDNS IP Lookup (policy.rules)
2024429 - ET TROJAN Win32/Parite.B Checkin 3 (trojan.rules)
2807826 - ETPRO TROJAN Win32/Parite.B Checkin 1 (trojan.rules)
2809951 - ETPRO POLICY Possible External IP Lookup pijoto.net (policy.rules)
2812875 - ETPRO POLICY External IP Lookup - iplocation.com (policy.rules)
2814489 - ETPRO POLICY External IP Lookup - ip.taobao.com (policy.rules)
2816531 - ETPRO POLICY External IP Lookup www.trackip.net (policy.rules)
2816532 - ETPRO POLICY External IP Lookup www.ip-tracker.org (policy.rules)
2820451 - ETPRO POLICY External IP Lookup freehostedscripts.net (policy.rules)
2820539 - ETPRO POLICY External IP Lookup whereisip.net (policy.rules)
2824684 - ETPRO POLICY External IP Lookup localize.pdfforge.org (policy.rules)
2825882 - ETPRO CURRENT_EVENTS Successful Email Shutdown/Verification Phish Apr 11 2017 (current_events.rules)
2826669 - ETPRO CURRENT_EVENTS Successful Netlix Phish Jun 08 2017 (current_events.rules)

[---]         Removed rules:         [---]

2024466 - ET TROJAN Win32/Striked Ransomware CnC Checkin (trojan.rules)

Date: Tuesday, July 18, 2017 - 00:00