Daily Ruleset Update Summary 2017/08/29

[***]            Summary:            [***]

1 new Open, 43 new Pro (1 + 42). Win32.TorJok, W32.PooLen, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024619 - ET TROJAN APT12 THREEBYTE DNS Lookup (trojan.rules)

Pro:

2827693 - ETPRO TROJAN Trojan.Win32.TorJok Checkin (trojan.rules)
2827694 - ETPRO TROJAN Win32/TrojanDownloader.Agent.DOO malicious DNS query observed (trojan.rules)
2827695 - ETPRO TROJAN Win32/Banload.Downloader POST request CnC Checkin (trojan.rules)
2827696 - ETPRO TROJAN MSIL/Injector.SPK CnC DNS query observed (trojan.rules)
2827697 - ETPRO CURRENT_EVENTS Microsoft Online Phishing Landing Page Aug 29 2017 (current_events.rules)
2827698 - ETPRO MOBILE_MALWARE PUP Android/SMSFlooder.Agent.BN CnC Beacon (mobile_malware.rules)
2827699 - ETPRO MOBILE_MALWARE PUP Android/SMSFlooder.Agent.BN CnC Beacon 2 (mobile_malware.rules)
2827700 - ETPRO MOBILE_MALWARE PUP Android/SMSFlooder.Agent.BN CnC Beacon 3 (mobile_malware.rules)
2827701 - ETPRO TROJAN Win32/Banload Downloader Activity (trojan.rules)
2827703 - ETPRO TROJAN MSIL.WernikStealer Checkin via SOAP (WriteLogs) (trojan.rules)
2827704 - ETPRO CURRENT_EVENTS Successful Rogers Phish M1 Aug 29 2017 (current_events.rules)
2827705 - ETPRO TROJAN MSIL.WernikStealer Checkin via SOAP (GetDownloadDLL) (trojan.rules)
2827706 - ETPRO TROJAN MSIL.WernikStealer Checkin via SOAP (BuildCode) (trojan.rules)
2827707 - ETPRO TROJAN W32.PooLen Coinminer Checkin (trojan.rules)
2827708 - ETPRO CURRENT_EVENTS Successful Rogers Phish M2 Aug 29 2017 (current_events.rules)
2827709 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es SMS/Contact Exfil via SMTP 4 (mobile_malware.rules)
2827710 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es SMS/Contact Exfil via SMTP 5 (mobile_malware.rules)
2827711 - ETPRO CURRENT_EVENTS Successful Rogers Phish M3 Aug 29 2017 (current_events.rules)
2827712 - ETPRO TROJAN W32.PooLen User-Agent (trojan.rules)
2827713 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 18 (mobile_malware.rules)
2827714 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 19 (mobile_malware.rules)
2827715 - ETPRO TROJAN W32.PooLen HTTP Request Header (trojan.rules)
2827716 - ETPRO TROJAN W32.PooLen Download and Run Command Successful (trojan.rules)
2827717 - ETPRO TROJAN W32.PooLen Coinminer Checkin 2 (trojan.rules)
2827718 - ETPRO TROJAN W32.PooLen Coinminer Requesting Commands (trojan.rules)
2827719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (W32.PooLen) (trojan.rules)
2827720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (W32.PooLen) (trojan.rules)
2827721 - ETPRO CURRENT_EVENTS Successful KerioConnect Webmail Phish Aug 29 2017 (current_events.rules)
2827722 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 19 (mobile_malware.rules)
2827723 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827724 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827725 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827726 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827727 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827728 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827729 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827730 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827731 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827732 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827733 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827734 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)
2827735 - ETPRO CURRENT_EVENTS Malicious Redirector (SocEng) DNS Request (current_events.rules)

[///]     Modified active rules:     [///]

2827137 - ETPRO CURRENT_EVENTS SunDown-P EK Exploit CVE-2015-0016 (current_events.rules)

Date: Tuesday, August 29, 2017 - 00:00