Daily Ruleset Update Summary 2017/07/31

[***]            Summary:            [***]

14 new Pro. Cerber Domains, Various Mobile, Various Phishing.

Thanks: Seth Elo, @protectwise

[+++]          Added rules:          [+++]

2827350 - ETPRO CURRENT_EVENTS Successful Google Doc Multiple Email Phish Jul 31 2017 (current_events.rules)
2827351 - ETPRO MOBILE_MALWARE Android/Triada.EG DNS Lookup (mobile_malware.rules)
2827352 - ETPRO TROJAN DNS Query to Cerber Domain (1jrkyn . top) (trojan.rules)
2827353 - ETPRO TROJAN DNS Query to Cerber Domain (1fnhyq . top) (trojan.rules)
2827354 - ETPRO TROJAN DNS Query to Cerber Domain (1jfjhb . top) (trojan.rules)
2827355 - ETPRO TROJAN DNS Query to Cerber Domain (14o2wp . top) (trojan.rules)
2827356 - ETPRO TROJAN DNS Query to Cerber Domain (1jmu65 . top) (trojan.rules)
2827357 - ETPRO TROJAN DNS Query to Cerber Domain (12ct4c . top) (trojan.rules)
2827358 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Yoga.a CnC Beacon (mobile_malware.rules)
2827359 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fl CnC Beacon (mobile_malware.rules)
2827360 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-31 1) (trojan.rules)
2827361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-31 2) (trojan.rules)
2827362 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-31 3) (trojan.rules)
2827363 - ETPRO CURRENT_EVENTS Unknown Downloader EXE DL (current_events.rules)

[///]     Modified active rules:     [///]

2013208 - ET MOBILE_MALWARE Mobile Device Posting Phone Number (mobile_malware.rules)
2024285 - ET TROJAN OSX/Proton.B Domain in SNI (trojan.rules)
2024502 - ET TROJAN ISMAgent CnC Checkin 1 (trojan.rules)
2024503 - ET TROJAN ISMAgent Receiving Commands from CnC Server (trojan.rules)
2024504 - ET TROJAN ISMAgent DNS Tunneling (microsoft-publisher . com) (trojan.rules)
2816718 - ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (trojan.rules)
2821692 - ETPRO TROJAN ZeusPOS Payload M2 (trojan.rules)
2824274 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
2825163 - ETPRO CURRENT_EVENTS Successful Generic Phish (Redirect to Download PDF) Feb 28 2017 (current_events.rules)
2825248 - ETPRO CURRENT_EVENTS Successful Credential Phish JS RePOST Mar 06 2017 (current_events.rules)

[---]         Removed rules:         [---]

2827139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14 1)  (trojan.rules)

Date: 
Monday, July 31, 2017 - 00:00