Daily Ruleset Update Summary 2017/08/01

[***]            Summary:            [***]

3 new Open, 12 new Pro (3 + 9). Reborn/Ovidiy Stealer, Banload, Cerber Domains.

[+++]          Added rules:          [+++]

Open:

2024506 - ET TROJAN Observed DNS Query to Reborn/Ovidiy Stealer CnC Domain (trojan.rules)
2024507 - ET CURRENT_EVENTS RIG encrypted payload M1 Aug 01 2017 (current_events.rules)
2024508 - ET CURRENT_EVENTS Nemucod JS Downloader Aug 01 2017 (current_events.rules)

Pro:

2806798 - ETPRO POLICY securityxploded malware retrieval UA (policy.rules)
2806799 - ETPRO POLICY securityxploded malware retrieval URI (policy.rules)
2827364 - ETPRO TROJAN Nanocore SSL Certificate (trojan.rules)
2827365 - ETPRO TROJAN Banload CnC Checkin (trojan.rules)
2827366 - ETPRO TROJAN DNS Query to Cerber Domain (1gjpzp . top) (trojan.rules)
2827367 - ETPRO TROJAN DNS Query to Cerber Domain (1e6ly3 . top) (trojan.rules)
2827368 - ETPRO TROJAN DNS Query to Cerber Domain (19grai . top) (trojan.rules)
2827369 - ETPRO TROJAN DNS Query to Cerber Domain (1cosak . top) (trojan.rules)
2827370 - ETPRO TROJAN DNS Query to Cerber Domain (19ckzf . top) (trojan.rules)

[///]     Modified active rules:     [///]

2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
2013208 - ET MOBILE_MALWARE Mobile Device Posting Phone Number (mobile_malware.rules)
2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2022484 - ET CURRENT_EVENTS RIG encrypted payload M1 Feb 02 2016 (current_events.rules)
2024493 - ET CURRENT_EVENTS EITest Inject July 25 2017 (current_events.rules)
2810291 - ETPRO TROJAN NanoCore RAT Keepalive Response 2 (trojan.rules)
2820876 - ETPRO TROJAN W32/FusionCoreDownldr.A2 Checkin (trojan.rules)
2827114 - ETPRO TROJAN MSIL/Ovidiy Stealer CnC Checkin (trojan.rules)
2827237 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-19 6) (trojan.rules)

[---]         Removed rules:         [---]

2806798 - ETPRO TROJAN securityxploded malware retrieval UA (trojan.rules)
2806799 - ETPRO TROJAN securityxploded malware retrieval URI (trojan.rules)

Date: Tuesday, August 1, 2017 - 00:00