Daily Ruleset Update Summary 2017/07/24

[***]            Summary:            [***]

12 new Pro (5 + 6). W32/Emotet.v4, Ursniff TOR Module DL, Various Mobile.

[+++]          Added rules:          [+++]

Pro:

2827268 - ETPRO TROJAN Donoff .onion Proxy Domain (trojan.rules)
2827269 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 185 (mobile_malware.rules)
2827270 - ETPRO TROJAN Genome K2T IP Check (trojan.rules)
2827271 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 186 (mobile_malware.rules)
2827272 - ETPRO CURRENT_EVENTS Possible Ursniff TOR Module DL 32-bit (current_events.rules)
2827273 - ETPRO CURRENT_EVENTS Possible Ursniff TOR Module DL 64-bit (current_events.rules)
2827274 - ETPRO TROJAN DNS Query to Cerber Domain (1n5mod . top) (trojan.rules)
2827275 - ETPRO TROJAN DNS Query to Cerber Domain (1mpsnr . top) (trojan.rules)
2827276 - ETPRO TROJAN DNS Query to Cerber Domain (1eiuce . top) (trojan.rules)
2827277 - ETPRO TROJAN DNS Query to Cerber Domain (1j9jad . top) (trojan.rules)
2827278 - ETPRO TROJAN Imminent Monitor MainInformation Command (trojan.rules)
2827279 - ETPRO TROJAN W32/Emotet.v4 Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2024470 - ET INFO HTTP POST to Free Webhost - Possible Successful Phish (site40 . net) Jul 18 2017 (info.rules)
2024486 - ET TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)
2814281 - ETPRO CURRENT_EVENTS Successful Amex Account Phish Oct 8 2015 (current_events.rules)
2815172 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Dec 2 2015 (current_events.rules)
2815173 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Dec 2 2015 (current_events.rules)
2815245 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 8 2015 (current_events.rules)
2815497 - ETPRO CURRENT_EVENTS Successful Anonisma Paypal Phish Dec28 2015 (current_events.rules)
2816612 - ETPRO CURRENT_EVENTS Successful American Express Phish Mar 10 2016 (current_events.rules)
2821138 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016 (current_events.rules)
2821139 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016 (current_events.rules)
2821140 - ETPRO CURRENT_EVENTS Successful AOL Phish M3 Jul 14 20116 (current_events.rules)
2824193 - ETPRO TROJAN Donoff .onion Proxy Domain (trojan.rules)
2827261 - ETPRO TROJAN  PoshC2 SSL Cert Observed (trojan.rules)
2827265 - ETPRO TROJAN MSIL/Unk.Stealer Exfil via FTP (trojan.rules)

Date: Monday, July 24, 2017 - 00:00