Daily Ruleset Update Summary 2017/07/25

[***]            Summary:            [***]

8 new Open, 20 new Pro (8 + 12). CopyKittens, TDTESS Backdoor, Chthonic Update, Various Mobile.

Thanks: @patpoopy

[+++]          Added rules:          [+++]

Open:

2024491 - ET TROJAN Shifr Ransomware CnC DNS Query (v5t5z6a55ksmt3oh) (trojan.rules)
2024492 - ET TROJAN Shifr Ransomware CnC DNS Query (ojdue4474qghybjb) (trojan.rules)
2024493 - ET CURRENT_EVENTS EITest Inject July 25 2017 (current_events.rules)
2024494 - ET CURRENT_EVENTS EITest Keitaro Evil Redirect Leading to SocENG July 25 2017 (current_events.rules)
2024495 - ET TROJAN CopyKittens Matryoshka DNS Lookup 1 (winupdate64 . com) (trojan.rules)
2024496 - ET TROJAN CopyKittens Matryoshka DNS Lookup 2 (twiter-statics . info) (trojan.rules)
2024497 - ET TROJAN CopyKittens Cobalt Strike DNS Lookup (cloudflare-analyse . com) (trojan.rules)
2024498 - ET TROJAN TDTESS Backdoor User-Agent (trojan.rules)

Pro:

2827280 - ETPRO TROJAN JS/Cryxos.B Dropper Requesting EXE (trojan.rules)
2827281 - ETPRO TROJAN Noobcrypt Ransomware Domain in SNI (trojan.rules)
2827282 - ETPRO TROJAN Chthonic CnC Beacon 9 (trojan.rules)
2827283 - ETPRO TROJAN W32/Banpol.A Joining IRC Channel (trojan.rules)
2827284 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 187 (mobile_malware.rules)
2827285 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 188 (mobile_malware.rules)
2827286 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK (Known Evil Keitaro TDS) Jul 25 2017 (current_events.rules)
2827287 - ETPRO TROJAN Win32/Trojan.Downloader.CSB Checkin 1 (trojan.rules)
2827288 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 189 (mobile_malware.rules)
2827289 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 190 (mobile_malware.rules)
2827290 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.z SMS Exfil (mobile_malware.rules)
2827291 - ETPRO MOBILE_MALWARE Android Unknown Trojan CnC Beacon (mobile_malware.rules)

[///]     Modified active rules:     [///]

2820983 - ETPRO TROJAN XXMM2/Minzen CnC Beacon (trojan.rules)
2821023 - ETPRO TROJAN Win32/Neutrino Bot Malicious SSL Certificate Detected (trojan.rules)
2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
2827253 - ETPRO TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)

Date: Tuesday, July 25, 2017 - 00:00