Daily Ruleset Update Summary 2017/08/30

[***]            Summary:            [***]

18 new Open, 40 new Pro (18 + 22). Gazer, IDKEY/Ghoul Banker, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024620 - ET TROJAN ISMAgent DNS Lookup (msoffice-cdn . com) (trojan.rules)
2024621 - ET CURRENT_EVENTS Successful Paxful Cryptocurrency Wallet Phish Aug 30 2017 (current_events.rules)
2024622 - ET CURRENT_EVENTS Possible NatWest Bank Phishing Landing - Title over non SSL (current_events.rules)
2024623 - ET CURRENT_EVENTS Possible NatWest Bank Phishing Landing - Title over non SSL (current_events.rules)
2024624 - ET CURRENT_EVENTS Possible NatWest Bank Phishing Landing - Title over non SSL (current_events.rules)
2024625 - ET TROJAN Win32/ASPC Bot CnC Checkin M3 (trojan.rules)
2024626 - ET TROJAN DeepEnd Research Ransomware Domain Detected (trojan.rules)
2024627 - ET TROJAN DeepEnd Research Ransomware Domain Detected (trojan.rules)
2024628 - ET TROJAN DeepEnd Research Ransomware Domain Detected (trojan.rules)
2024629 - ET TROJAN DeepEnd Research Ransomware Domain Detected (trojan.rules)
2024630 - ET TROJAN DeepEnd Research Ransomware Domain Detected (trojan.rules)
2024631 - ET TROJAN DeepEnd Research Ransomware Domain Detected (trojan.rules)
2024632 - ET TROJAN DeepEnd Research Ransomware Domain Detected (trojan.rules)
2024633 - ET TROJAN DeepEnd Research Ransomware Domain Detected (trojan.rules)
2024634 - ET TROJAN DeepEnd Research Ransomware Domain Detected (trojan.rules)
2024635 - ET TROJAN ABUSE.CH Cerber Ransomware Domain Detected (trojan.rules)
2024636 - ET TROJAN ABUSE.CH Cerber Ransomware Domain Detected (trojan.rules)
2024637 - ET TROJAN Gazer HTTP POST Checkin (trojan.rules)

Pro:

2827736 - ETPRO TROJAN EXE Disguised as Certificate (trojan.rules)
2827737 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish M1 Aug 30 2017 (current_events.rules)
2827738 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish M2 Aug 30 2017 (current_events.rules)
2827739 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish M3 Aug 30 2017 (current_events.rules)
2827740 - ETPRO CURRENT_EVENTS Successful Adobe Phish Aug 30 2017 (current_events.rules)
2827741 - ETPRO TROJAN Bitpaymer Ransomware Domain Detected (trojan.rules)
2827742 - ETPRO TROJAN Win32/Unk.Downloader Receiving Config from CnC Server (trojan.rules)
2827743 - ETPRO TROJAN Zloader Domain in SNI (storewideonline) (trojan.rules)
2827744 - ETPRO MALWARE Win32/Auslogics PUA Successful Checkin (malware.rules)
2827746 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827747 - ETPRO CURRENT_EVENTS Successful Amazon (IT) Phish Aug 30 2017 (current_events.rules)
2827748 - ETPRO CURRENT_EVENTS Malvertising Leading to EK/SocEng Aug 29 2017 (current_events.rules)
2827749 - ETPRO TROJAN IDKEY/Ghoul Banker Checkin (trojan.rules)
2827750 - ETPRO TROJAN IDKEY/Ghoul Banker Exfil System Info (trojan.rules)
2827751 - ETPRO CURRENT_EVENTS Successful NatWest Phish M1 Aug 30 2017 (current_events.rules)
2827752 - ETPRO CURRENT_EVENTS Successful NatWest Phish M2 Aug 30 2017 (current_events.rules)
2827753 - ETPRO CURRENT_EVENTS Successful AKBank Direkt (TR) Phish Aug 30 2017 (current_events.rules)
2827754 - ETPRO TROJAN Win32/CoinMiner.ALH CnC Checkin - Failed Install (trojan.rules)
2827755 - ETPRO TROJAN Win32/CoinMiner.ALH CnC Keepalive (trojan.rules)
2827756 - ETPRO TROJAN Win32/CoinMiner.ALH CnC Checkin - Log (trojan.rules)
2827757 - ETPRO TROJAN Win32/Unknown CnC Beacon (trojan.rules)
2827758 - ETPRO CURRENT_EVENTS Successful Itaucard (BR) Phish Aug 30 2017 (current_events.rules)

[+++]  Enabled and modified rules:   [+++]

2814311 - ETPRO CURRENT_EVENTS Successful AOL Phish Oct 9 2015 (current_events.rules)

[///]     Modified active rules:     [///]

2826930 - ETPRO POLICY XMR CoinMiner Usage (policy.rules)
2827137 - ETPRO CURRENT_EVENTS SunDown-P EK Exploit CVE-2015-0016 (current_events.rules)
2827713 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 18 (mobile_malware.rules)
2827714 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 19 (mobile_malware.rules)
2827719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (W32.PooLen) (trojan.rules)
2827720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (W32.PooLen) (trojan.rules)
2827722 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 20 (mobile_malware.rules)

[---]  Disabled and modified rules:  [---]

2827374 - ETPRO TROJAN Win32/CoinMiner.ALH CnC Checkin Attempt (trojan.rules)

Date: Wednesday, August 30, 2017 - 00:00