Daily Ruleset Update Summary 2017/08/28

[***]            Summary:            [***]

4 new Open, 8 new Pro (4 + 4). WireX Botnet, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024615 - ET MOBILE_MALWARE WireX Botnet DNS Lookup (mobile_malware.rules)
2024616 - ET CURRENT_EVENTS Successful Blockchain Account Phish Aug 19 2016 (current_events.rules)
2024617 - ET CURRENT_EVENTS Successful Poloniex Cryptocurrency Exchange Phish Aug 28 2017 (current_events.rules)
2024618 - ET CURRENT_EVENTS Successful Exmo Cryptocurrency Exchange Phish Aug 28 2017 (current_events.rules)

Pro:

2827688 - ETPRO MALWARE Adware DNS Request (malware.rules)
2827690 - ETPRO MOBILE_MALWARE PUP Android/Igexin.B Checkin 2 (mobile_malware.rules)
2827691 - ETPRO POLICY AutoDesk Cloud Hosting Service SSL Cert - Observed hosting malware (policy.rules)
2827692 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 195 (mobile_malware.rules)

[+++]  Enabled and modified rules:   [+++]

2825037 - ETPRO CURRENT_EVENTS Successful BNP Paribas (FR) Phish Feb 17 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
2010066 - ET POLICY Data POST to an image file (gif) (policy.rules)
2023485 - ET TROJAN JS/HTA Downloader Behavior M3 (trojan.rules)
2822647 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 14 2016 (current_events.rules)
2827106 - ETPRO TROJAN JS/HTA Downloader Behavior M2 (trojan.rules)
2827586 - ETPRO TROJAN Possible Compromised Chrome Extension DGA Lookup (trojan.rules)
2827642 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Aug 24 2017 (current_events.rules)
2827660 - ETPRO TROJAN Nm4 Ransomware Onion Domain (trojan.rules)
2827674 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 19 (mobile_malware.rules)

[---]         Removed rules:         [---]

2821772 - ETPRO CURRENT_EVENTS Successful Blockchain Account Phish Aug 19 2016 (current_events.rules)

Date: Monday, August 28, 2017 - 00:00