Daily Ruleset Update Summary 2017/09/01

[***]            Summary:            [***]

9 new Open, 30 new Pro (9 + 21). CobianRAT, MacroBot, Backdoor.Ratenjay, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024428 - ET MALWARE InstallCore Variant CnC Checkin (malware.rules)
2024650 - ET CURRENT_EVENTS HEX Payload DL with MSXMLHTP (Observed in Locky campaign) (current_events.rules)
2024651 - ET TROJAN CobianRAT Checkin to CnC (trojan.rules)
2024652 - ET TROJAN CobianRAT Receiving Commands From CnC (trojan.rules)
2024653 - ET TROJAN CobianRAT Receiving Additional Commands From CnC (trojan.rules)
2024654 - ET TROJAN CobianRAT Receiving Config Commands from CnC (trojan.rules)
2024655 - ET TROJAN CobianRAT Screenshot Exfil to CnC (trojan.rules)
2024656 - ET CURRENT_EVENTS Dropbox Phishing Landing - Title over non SSL (current_events.rules)
2024657 - ET CURRENT_EVENTS Successful Dropbox Phish (Locky) Sep 01 2017 (current_events.rules)

Pro:

2827774 - ETPRO TROJAN Backdoor.Ratenjay POST with System Information (trojan.rules)
2827775 - ETPRO TROJAN MSIL/CA MacroBot CnC Activity (trojan.rules)
2827776 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (aWphcmVkbWM6ODUyMjM1NDZnZw==) (trojan.rules)
2827777 - ETPRO TROJAN DNS Query to Cerber Domain (pr52ni . top) (trojan.rules)
2827778 - ETPRO TROJAN DNS Query to Cerber Domain (c3rczu . top) (trojan.rules)
2827779 - ETPRO TROJAN DNS Query to Cerber Domain (1e1jbc . top) (trojan.rules)
2827780 - ETPRO TROJAN DNS Query to Cerber Domain (17xukb . top) (trojan.rules)
2827781 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 1) (trojan.rules)
2827782 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 2) (trojan.rules)
2827783 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 3) (trojan.rules)
2827784 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 4) (trojan.rules)
2827785 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 5) (trojan.rules)
2827786 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 6) (trojan.rules)
2827787 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 7) (trojan.rules)
2827788 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 8) (trojan.rules)
2827789 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 9) (trojan.rules)
2827790 - ETPRO MALWARE Observed Malicious SSL Cert (TechSupport Scam) (malware.rules)
2827791 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 10) (trojan.rules)
2827792 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 11) (trojan.rules)
2827793 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 12) (trojan.rules)
2827794 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-31 13) (trojan.rules)

[///]     Modified active rules:     [///]

2023670 - ET INFO IE7UA No Cookie No Referer (info.rules)
2024641 - ET TROJAN Gazer DNS query observed (soligro . com) (trojan.rules)
2024642 - ET TROJAN Gazer DNS query observed (mydreamhoroscope . com) (trojan.rules)
2827167 - ETPRO TROJAN Alina Checkin 1 (trojan.rules)
2827169 - ETPRO TROJAN Alina IP Check (whatismyipaddress .com) (trojan.rules)

[---]         Removed rules:         [---]

2024428 - ET TROJAN InstallCore Variant CnC Checkin (trojan.rules)

Date: Friday, September 1, 2017 - 00:00