Daily Ruleset Update Summary 2017/08/23

[***]            Summary:            [***]

10 new Open, 24 new Pro (10 + 14). Hancitor/Tordal Document, Disdain EK, Various Mobile, Phishing.

[+++]          Added rules:          [+++]

Open:

2024604 - ET CURRENT_EVENTS Hancitor/Tordal Document Request (current_events.rules)
2024605 - ET CURRENT_EVENTS Hancitor/Tordal Document Inbound (current_events.rules)
2024606 - ET CURRENT_EVENTS Disdain EK URI Struct Aug 23 2017 M1 (current_events.rules)
2024607 - ET CURRENT_EVENTS Disdain EK URI Struct Aug 23 2017 M2 (current_events.rules)
2024608 - ET CURRENT_EVENTS Disdain EK Payload Aug 23 2017 (current_events.rules)
2024609 - ET CURRENT_EVENTS Disdain EK Flash Exploit M1 Aug 23 2017 (current_events.rules)
2024610 - ET CURRENT_EVENTS Disdain EK Flash Exploit M2 Aug 23 2017 (current_events.rules)
2024611 - ET CURRENT_EVENTS Disdain EK Flash Exploit M3 Aug 23 2017 (current_events.rules)
2024612 - ET CURRENT_EVENTS Disdain EK Landing Aug 23 2017 (current_events.rules)
2024613 - ET TROJAN OSX.Pwnet.A Certificate Observed (trojan.rules)

Pro:

2827627 - ETPRO CURRENT_EVENTS Successful Generic Phish Aug 22 2017 (current_events.rules)
2827628 - ETPRO TROJAN NanoCore 1.2.2.0 CnC Checkin (trojan.rules)
2827629 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 13 (mobile_malware.rules)
2827630 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 14 (mobile_malware.rules)
2827631 - ETPRO CURRENT_EVENTS Successful AKBank Direkt (TR) M1 Phish Aug 23 2017 (current_events.rules)
2827632 - ETPRO CURRENT_EVENTS Successful AKBank Direkt (TR) M2 Phish Aug 23 2017 (current_events.rules)
2827633 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.GV CnC Beacon (mobile_malware.rules)
2827634 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 194 (mobile_malware.rules)
2827635 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (Defray Ransomware) (trojan.rules)
2827636 - ETPRO TROJAN DNS Query to TorrentLocker Domain (njnitj . micronit . tw) (trojan.rules)
2827637 - ETPRO CURRENT_EVENTS Successful Onedrive Phish Aug 23 2017 (current_events.rules)
2827638 - ETPRO TROJAN DNS Query to Cerber Domain (m7f27y . bid) (trojan.rules)
2827639 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (Linux.BtcMine.26) (trojan.rules)
2827640 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish Aug 23 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2024603 - ET TROJAN Spora Ransomware DNS Query (trojan.rules)
2827605 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin (trojan.rules)
2827613 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS Exfil via SMTP 13 (mobile_malware.rules)
2827614 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 14 (mobile_malware.rules)
2827623 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.FH Reporting Infection via SMTP 2 (mobile_malware.rules)

Date: Wednesday, August 23, 2017 - 00:00