Daily Ruleset Update Summary 2017/07/21

[***]            Summary:            [***]

5 new Open, 11 new Pro (5 + 6). Shifr Ransomware, MSIL/InstagramAccount Bot, Various Phishing, Various Mobile.

Thanks: Jake Warren, @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2024486 - ET TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)
2024487 - ET TROJAN Possible NotPetya Related DNS query (trojan.rules)
2024488 - ET TROJAN Possible NotPetya Related DNS query (trojan.rules)
2024489 - ET TROJAN Win32/Bitshifter Ransomware CnC Checkin (trojan.rules)
2024490 - ET TROJAN HTTP Request with suspicious filename - myguy (trojan.rules)

Pro:

2827262 - ETPRO TROJAN Observed Malicious SSL Cert (Evil CoinMiner) (trojan.rules)
2827263 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.TF SMS/Contact Exfil (mobile_malware.rules)
2827264 - ETPRO TROJAN MSIL/Unk.Stealer CnC Checkin (trojan.rules)
2827265 - ETPRO TROJAN MSIL/Unk.Stealer Exfil via FTP (trojan.rules)
2827266 - ETPRO TROJAN MSIL/InstagramAccount Bot CnC Checkin (trojan.rules)
2827267 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 184 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2024470 - ET INFO HTTP POST to Free Webhost - Possible Successful Phish (site40 . net) Jul 18 2017 (info.rules)
2814281 - ETPRO CURRENT_EVENTS Successful Amex Account Phish Oct 8 2015 (current_events.rules)
2814801 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 6 2015 (current_events.rules)
2815172 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Dec 2 2015 (current_events.rules)
2815173 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Dec 2 2015 (current_events.rules)
2815245 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 8 2015 (current_events.rules)
2815497 - ETPRO CURRENT_EVENTS Successful Anonisma Paypal Phish Dec 28 2015 (current_events.rules)
2816612 - ETPRO CURRENT_EVENTS Successful American Express Phish Mar 10 2016 (current_events.rules)
2821138 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016 (current_events.rules)
2821139 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016 (current_events.rules)
2821140 - ETPRO CURRENT_EVENTS Successful AOL Phish M3 Jul 14 20116 (current_events.rules)
2822313 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Sept 29 2016 (current_events.rules)
2822376 - ETPRO CURRENT_EVENTS Successful Apple ID Phish M1 Oct 04 2016 (current_events.rules)
2822401 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 04 2016 (current_events.rules)
2822903 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish M1 Oct 26 2016 (current_events.rules)
2822904 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish M2 Oct 26 2016 (current_events.rules)
2822941 - ETPRO CURRENT_EVENTS Successful Amazon Phish Oct 27 2016 (current_events.rules)
2824158 - ETPRO CURRENT_EVENTS Successful American Express Phish M1 Dec 30 2016 (current_events.rules)
2824403 - ETPRO CURRENT_EVENTS Successful Apple (CA) Phish Jan 12 2017 (current_events.rules)
2824531 - ETPRO CURRENT_EVENTS Successful AOL Phish Jan 19 2017 (current_events.rules)
2824661 - ETPRO CURRENT_EVENTS Successful Apple Find My iPhone Phish Jan 26 2017 (current_events.rules)
2827255 - ETPRO TROJAN W32/DarkVNC Checkin (trojan.rules)
2827261 - ETPRO TROJAN  PoshC2 SSL Cert Observed (trojan.rules)

[---]  Disabled and modified rules:  [---]

2814311 - ETPRO CURRENT_EVENTS Successful AOL Phish Oct 9 2015 (current_events.rules)

[---]         Disabled rules:        [---]

2812508 - ETPRO CURRENT_EVENTS Successful Apple ID Phish Aug 18 (current_events.rules)
2812509 - ETPRO CURRENT_EVENTS Successful Apple ID Phish Aug 18 (current_events.rules)
2812826 - ETPRO CURRENT_EVENTS Successful ANZ Bank Phish Aug 31 1 (current_events.rules)
2812827 - ETPRO CURRENT_EVENTS Successful ANZ Bank Phish Aug 31 2 (current_events.rules)
2812872 - ETPRO CURRENT_EVENTS Successful Apple Account Phish Sept 2 (current_events.rules)
2814043 - ETPRO CURRENT_EVENTS Successful Apple Connect Phish Sept 22 (current_events.rules)
2815294 - ETPRO CURRENT_EVENTS Successful Apple Phish Dec 9 M1 (current_events.rules)
2821030 - ETPRO CURRENT_EVENTS Successful Apple Connect Phish Jul 11 (current_events.rules)
2822379 - ETPRO CURRENT_EVENTS Successful Amazon Phish Oct 04 2016 (current_events.rules)
2822709 - ETPRO CURRENT_EVENTS Successful Amazon Phish Oct 18 2016 (current_events.rules)
2822725 - ETPRO CURRENT_EVENTS Successful Amazon Phish Oct 18 2016 (current_events.rules)
2822940 - ETPRO CURRENT_EVENTS Successful Apple Global Service Exchange Phish Oct 27 2016 (current_events.rules)
2823575 - ETPRO CURRENT_EVENTS Successful Apple Connect Phish Dec 02 2016 (current_events.rules)
2824133 - ETPRO CURRENT_EVENTS Successful Apple Phish Dec 29 2016 (current_events.rules)

[---]         Removed rules:         [---]

2827252 - ETPRO TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)

Date: Friday, July 21, 2017 - 00:00