Daily Ruleset Update Summary 2017/07/20

[***]            Summary:            [***]

4 new Open, 18 new Pro (4 + 14). DarkHotel Downloader, Shifr Ransomware, Various Phishing, Various Mobile.

Thanks: @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2024482 - ET TROJAN DarkHotel Downloader CnC Beacon 1 (trojan.rules)
2024483 - ET TROJAN DarkHotel Downloader CnC Beacon 2 (trojan.rules)
2024484 - ET MALWARE ProxyGearPro Proxy Tool PUA (malware.rules)
2024485 - ET TROJAN Observed Malicious Domain SSL Cert in SNI (Unknown Stealer CnC) (trojan.rules)

Pro:

2827248 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jul 20 2017 (current_events.rules)
2827249 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jul 20 2017 (current_events.rules)
2827250 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Jul 20 2017 (current_events.rules)
2827251 - ETPRO CURRENT_EVENTS Successful Paypal Phish M4 Jul 20 2017 (current_events.rules)
2827252 - ETPRO TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)
2827253 - ETPRO TROJAN Shifr Ransomware Payment Domain Observed in SNI (trojan.rules)
2827254 - ETPRO MOBILE_MALWARE Android Unknown Trojan CnC Beacon (mobile_malware.rules)
2827255 - ETPRO TROJAN W32/DarkVNC Checkin (trojan.rules)
2827256 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 181 (mobile_malware.rules)
2827257 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 182 (mobile_malware.rules)
2827258 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 183 (mobile_malware.rules)
2827259 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload July 20 2017 M1 (current_events.rules)
2827260 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload July 20 2017 M2 (current_events.rules)
2827261 - ETPRO TROJAN Win32/Unknown.PowerShell SSL Cert Observed (trojan.rules)

[///]     Modified active rules:     [///]

2812546 - ETPRO CURRENT_EVENTS Successful Amazon Account Phish M1 Aug 20 2015 (current_events.rules)
2812547 - ETPRO CURRENT_EVENTS Successful Amazon Account Phish M2 Aug 20 2015 (current_events.rules)
2814801 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 6 2015 (current_events.rules)
2822419 - ETPRO CURRENT_EVENTS Successful Amazon Phish M2 Oct 05 2016 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2815240 - ETPRO CURRENT_EVENTS Successful Amazon Phish M1 Dec 8 2015 (current_events.rules)

[---]         Disabled rules:        [---]

2812763 - ETPRO CURRENT_EVENTS Successful Amazon Phish Aug 27 2 (current_events.rules)
2812764 - ETPRO CURRENT_EVENTS Successful Amazon Phish Aug 27 3 (current_events.rules)
2814891 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 11 M1 (current_events.rules)
2814892 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 11 M2 (current_events.rules)
2814893 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 11 M3 (current_events.rules)
2815241 - ETPRO CURRENT_EVENTS Successful Amazon Phish Dec 8 M2 (current_events.rules)

Date: Thursday, July 20, 2017 - 00:00