Daily Ruleset Update Summary 2017/08/31

[***]            Summary:            [***]

12 new Open, 27 new Pro (12 + 15). Gazer, Flash Update Landing, MSIL/Omnibus, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024638 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 31 2017 (current_events.rules)
2024639 - ET CURRENT_EVENTS Successful Bitstamp Cryptocurrency Exchange Phish Aug 30 2017 (current_events.rules)
2024640 - ET CURRENT_EVENTS Successful LocalBitcoins Cryptocurrency Exchange Phish Aug 30 2017 (current_events.rules)
2024641 - ET TROJAN Gazer DNS query observed (soligro.com) (trojan.rules)
2024642 - ET TROJAN Gazer DNS query observed (mydreamhoroscope.com) (trojan.rules)
2024643 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024644 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024645 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024646 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024647 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024648 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)
2024649 - ET CURRENT_EVENTS Fake Adobe Flash Update Landing - Title over non SSL (current_events.rules)

Pro:

2827759 - ETPRO TROJAN Win32/Spy.Qukart Activity (trojan.rules)
2827760 - ETPRO CURRENT_EVENTS FakeAV/TechSupport Scam Aug 30 2017 (current_events.rules)
2827761 - ETPRO TROJAN MSIL/Omnibus PWS Data Exfil (trojan.rules)
2827762 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.am CnC Beacon (mobile_malware.rules)
2827763 - ETPRO CURRENT_EVENTS Successful Facebook Support Phish Aug 30 2017 (current_events.rules)
2827764 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827765 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.jj Contact Exfil via SMTP (mobile_malware.rules)
2827766 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.jj Reporting Infection via SMTP (mobile_malware.rules)
2827767 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 21 (mobile_malware.rules)
2827768 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M1 Aug 31 2017 (current_events.rules)
2827769 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M2 Aug 31 2017 (current_events.rules)
2827770 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M3 Aug 31 2017 (current_events.rules)
2827771 - ETPRO CURRENT_EVENTS Successful Car2Go Phish M1 Aug 31 2017 (current_events.rules)
2827772 - ETPRO CURRENT_EVENTS Successful Car2Go Phish M2 Aug 31 2017 (current_events.rules)
2827773 - ETPRO CURRENT_EVENTS Successful Cembra Phish Aug 31 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2804838 - ETPRO TROJAN Savit.A Checkin (trojan.rules)
2827167 - ETPRO TROJAN Alina Checkin 1 (trojan.rules)
2827168 - ETPRO TROJAN Alina Checkin 2 (trojan.rules)
2827169 - ETPRO TROJAN Alina IP Check (whatismyipaddress .com) (trojan.rules)
2827719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (W32.PooLen) (trojan.rules)
2827720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (W32.PooLen) (trojan.rules)

[---]  Disabled and modified rules:  [---]

2822143 - ETPRO TROJAN Loda Logger Screenshot Command from CnC (trojan.rules)

Date: Thursday, August 31, 2017 - 00:00