Daily Ruleset Update Summary 2017/08/25

[***]            Summary:            [***]

1 new Open, 31 new Pro (1 + 30). SunDown EK Secondary Encrypted Flash DL, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024614 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 25 2017 (current_events.rules)

Pro:

2827657 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Aug 24 2017 (current_events.rules)
2827658 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Aug 24 2017 (current_events.rules)
2827659 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M4 Aug 24 2017 (current_events.rules)
2827660 - ETPRO TROJAN Nm4 Ransomware Onion Domain (trojan.rules)
2827662 - ETPRO TROJAN JS/HTA Downloader Behavior M4 (trojan.rules)
2827663 - ETPRO CURRENT_EVENTS Successful NatWest Phish Aug 25 2017 (current_events.rules)
2827664 - ETPRO CURRENT_EVENTS Successful Itau Bank Phish Aug 25 2017 (current_events.rules)
2827665 - ETPRO CURRENT_EVENTS SocEng DL Landing Page Aug 25 2017 (current_events.rules)
2827666 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenAds.TJ CnC Beacon (mobile_malware.rules)
2827667 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.ck CnC Beacon (mobile_malware.rules)
2827668 - ETPRO CURRENT_EVENTS Possible Successful Dropbox Phish Aug 25 2017 (current_events.rules)
2827669 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP 6 (mobile_malware.rules)
2827670 - ETPRO CURRENT_EVENTS Successful Netflix Phish Aug 25 2017 (current_events.rules)
2827671 - ETPRO CURRENT_EVENTS Successful Personalized DHL Phish Aug 25 2017 (current_events.rules)
2827672 - ETPRO CURRENT_EVENTS GreenFlash SunDown EK Secondary Encrypted Flash DL (current_events.rules)
2827673 - ETPRO CURRENT_EVENTS Generic Phishing Redirect Aug 25 2017 (current_events.rules)
2827674 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 19 (mobile_malware.rules)
2827675 - ETPRO CURRENT_EVENTS Paypal Phishing Landing Page Aug 25 2017 (current_events.rules)
2827676 - ETPRO CURRENT_EVENTS Successful Paypal Phish (IT) M1 Aug 25 2017 (current_events.rules)
2827677 - ETPRO CURRENT_EVENTS Successful Paypal Phish (IT) M2 Aug 25 2017 (current_events.rules)
2827678 - ETPRO CURRENT_EVENTS Successful Paypal Phish (IT) M3 Aug 25 2017 (current_events.rules)
2827679 - ETPRO TROJAN DNS Query to Cerber Domain (onl98g . top) (trojan.rules)
2827680 - ETPRO TROJAN DNS Query to Cerber Domain (c3rczu . top) (trojan.rules)
2827681 - ETPRO TROJAN DNS Query to Cerber Domain (pr52ni . top) (trojan.rules)
2827682 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-25 1) (trojan.rules)
2827683 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-25 2) (trojan.rules)
2827684 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-25 3) (trojan.rules)
2827685 - ETPRO TROJAN DNS Query to Cerber Domain (onl98g . top) (trojan.rules)
2827686 - ETPRO TROJAN DNS Query to Cerber Domain (c3rczu . top) (trojan.rules)
2827687 - ETPRO TROJAN DNS Query to Cerber Domain (pr52ni . top) (trojan.rules)

[///]     Modified active rules:     [///]

2023485 - ET TROJAN JS/HTA Downloader Behavior M3 (trojan.rules)
2803145 - ETPRO TROJAN BackDoor.Darkshell.246/Magic Ferret CnC traffic (trojan.rules)
2811472 - ETPRO TROJAN NSIS/TrojanDownloader.Agent.NRQ Downloader Checkin (trojan.rules)
2814518 - ETPRO MALWARE Win32/Wimepud PUP Checkin (malware.rules)
2821564 - ETPRO TROJAN Win32/Kryptik.FCPN Facebook Stealer Activity (trojan.rules)
2821891 - ETPRO TROJAN Win32/Barys IRC Bot NICK Command (trojan.rules)
2822030 - ETPRO TROJAN Win32/Wadereh Checkin (trojan.rules)
2822143 - ETPRO TROJAN Loda Logger Screenshot Command from CnC (trojan.rules)
2824761 - ETPRO TROJAN MSIL/Agent.RZW CoinMiner CnC Activity (trojan.rules)
2824976 - ETPRO TROJAN Win32/Agent.RTC RAT Checkin (trojan.rules)
2827105 - ETPRO TROJAN JS/HTA Downloader Behavior M1 (trojan.rules)
2827106 - ETPRO TROJAN JS/HTA Downloader Behavior M2 (trojan.rules)
2827642 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Aug 24 2017 (current_events.rules)

Date: Friday, August 25, 2017 - 00:00