Daily Ruleset Update Summary 2017/08/22

[***]            Summary:            [***]

3 new Open, 21 new Pro (3 + 18). Win32/Datper, Malicious Windows SCT Download, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024601 - ET TROJAN Win32/Datper CnC Activity (trojan.rules)
2024602 - ET CURRENT_EVENTS Likely Malicious Windows SCT Download MSXMLHTTP AX M2 (current_events.rules)
2024603 - ET TROJAN Spora Ransomware DNS Query - Clone (trojan.rules)

Pro:

2827606 - ETPRO MALWARE Win32/Unk.PUP/PUA Downloader Checkin (malware.rules)
2827608 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/SpyBanker CnC) (trojan.rules)
2827609 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 22 2017 (current_events.rules)
2827610 - ETPRO CURRENT_EVENTS Evil Redirector iFrame Observed Aug 18 2017 (current_events.rules)
2827611 - ETPRO CURRENT_EVENTS Evil Redirector iFrame Leading to EK Aug 18 2017 (current_events.rules)
2827612 - ETPRO MALWARE Win32/Baofeng PUA CnC Checkin (malware.rules)
2827613 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS Exfil via SMTP 13 (mobile_malware.rules)
2827614 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 14 (mobile_malware.rules)
2827615 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 15 (mobile_malware.rules)
2827616 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS Exfil via SMTP 16 (mobile_malware.rules)
2827617 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fyec.amd Reporting Infection via SMTP (mobile_malware.rules)
2827618 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS Exfil via SMTP 17 (mobile_malware.rules)
2827619 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 18 (mobile_malware.rules)
2827620 - ETPRO TROJAN SyncCypt EXE Download as .jpg (trojan.rules)
2827621 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic Contact Exfil via SMTP 16 (mobile_malware.rules)
2827622 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS Exfil via SMTP 17 (mobile_malware.rules)
2827623 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.FH Reporting Infection via SMTP 2 (mobile_malware.rules)
2827626 - ETPRO TROJAN KONNI Retrieving Payload 2 (trojan.rules)

[///]     Modified active rules:     [///]

2024543 - ET TROJAN Observed DNS Query to Gryphon CnC Domain / GlobeImposter Payment Domain (trojan.rules)
2826297 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AP GetCommand (trojan.rules)
2827158 - ETPRO TROJAN Win32/Banload CnC Activity (trojan.rules)
2827419 - ETPRO CURRENT_EVENTS GlobeImposter Ransomware Note Counter Request (current_events.rules)
2827509 - ETPRO TROJAN Win32/Downloader.Banload.YAZ CnC Activity (trojan.rules)
2827605 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin (trojan.rules)
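The listing above follows a fixed layout (bracketed section banners, `Open:`/`Pro:` sub-headings, one `SID - RULESET CATEGORY message (file.rules)` entry per line), and the summary line's arithmetic ("21 new Pro (3 + 18)") should match what is actually listed. The following parser is an added example, not Emerging Threats' or Proofpoint's own tooling: it extracts the SIDs per section, groups them by rules file, and cross-checks the headline counts. The embedded `SAMPLE` is a constructed excerpt in the page's layout (a subset of the entries above, with the summary line adjusted to fit that subset), and the SID-range check assumes the usual convention that ET open SIDs sit below 2800000 and ETPRO SIDs from 2800000 upward.

```python
"""Parse an Emerging Threats daily ruleset update summary and cross-check
its headline counts against the SIDs actually listed.  Example code; the
sample text is a constructed excerpt, not a full copy of the summary."""
import re
from typing import Dict, List, NamedTuple


class Rule(NamedTuple):
    sid: int
    ruleset: str    # "ET" (open) or "ETPRO"
    category: str   # e.g. "TROJAN", "CURRENT_EVENTS"
    message: str
    rulefile: str   # e.g. "trojan.rules"


# Constructed excerpt in the page's layout; summary line matches this subset.
SAMPLE = """Daily Ruleset Update Summary 2017/08/22

[***]            Summary:            [***]

2 new Open, 5 new Pro (2 + 3). Win32/Datper, Malicious Windows SCT Download.

[+++]          Added rules:          [+++]

Open:

2024601 - ET TROJAN Win32/Datper CnC Activity (trojan.rules)
2024602 - ET CURRENT_EVENTS Likely Malicious Windows SCT Download MSXMLHTTP AX M2 (current_events.rules)

Pro:

2827606 - ETPRO MALWARE Win32/Unk.PUP/PUA Downloader Checkin (malware.rules)
2827608 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/SpyBanker CnC) (trojan.rules)
2827626 - ETPRO TROJAN KONNI Retrieving Payload 2 (trojan.rules)

[///]     Modified active rules:     [///]

2024543 - ET TROJAN Observed DNS Query to Gryphon CnC Domain / GlobeImposter Payment Domain (trojan.rules)
2827605 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin (trojan.rules)
"""

SECTION_RE = re.compile(r"^\[(?:\*{3}|\+{3}|/{3})\]\s+(.+?):\s+\[")
RULE_RE = re.compile(r"^(\d+) - (ET|ETPRO) (\S+) (.+) \((\S+\.rules)\)$")
SUMMARY_RE = re.compile(r"^(\d+) new Open, (\d+) new Pro \((\d+) \+ (\d+)\)\.")


def parse_update(text: str) -> Dict[str, List[Rule]]:
    """Return rules keyed by section name ("Added rules", "Modified active rules")."""
    sections: Dict[str, List[Rule]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = RULE_RE.match(line)
        if m and current is not None:
            sid, ruleset, category, message, rulefile = m.groups()
            sections[current].append(Rule(int(sid), ruleset, category, message, rulefile))
    return sections


def sids_by_file(rules: List[Rule]) -> Dict[str, List[int]]:
    """Group SIDs by the .rules file they land in (useful for targeted reloads)."""
    out: Dict[str, List[int]] = {}
    for r in rules:
        out.setdefault(r.rulefile, []).append(r.sid)
    return {f: sorted(s) for f, s in out.items()}


def check_summary(text: str) -> Dict[str, object]:
    """Cross-check the 'N new Open, M new Pro (a + b)' line against the listing.
    Reading used here: M is the Pro subscription total, i.e. a (also in Open)
    plus b (Pro-only), so M == a + b and a == N must both hold."""
    sections = parse_update(text)
    added = sections.get("Added rules", [])
    open_rules = [r for r in added if r.ruleset == "ET"]
    pro_rules = [r for r in added if r.ruleset == "ETPRO"]
    claimed = None
    for raw in text.splitlines():
        m = SUMMARY_RE.match(raw.strip())
        if m:
            claimed = tuple(int(x) for x in m.groups())
            break
    if claimed is None:
        raise ValueError("no summary count line found")
    new_open, pro_total, open_part, pro_only_part = claimed
    return {
        "open_listed": len(open_rules),
        "pro_only_listed": len(pro_rules),
        "open_ok": new_open == open_part == len(open_rules),
        "pro_ok": pro_total == open_part + pro_only_part == len(open_rules) + len(pro_rules),
        # Assumed allocation convention: ET open below 2800000, ETPRO from 2800000.
        "sid_ranges_ok": all(r.sid < 2800000 for r in open_rules)
        and all(r.sid >= 2800000 for r in pro_rules),
        "modified": [r.sid for r in sections.get("Modified active rules", [])],
        "files": sids_by_file(added),
    }


if __name__ == "__main__":
    for k, v in check_summary(SAMPLE).items():
        print(f"{k}: {v}")
```

Run against the full text of a daily summary, `open_ok`/`pro_ok` going false is the cue that the headline count and the listing disagree, and `files` tells you which `.rules` files need reloading after you pull the update.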

Date: Tuesday, August 22, 2017 - 00:00