Daily Ruleset Update Summary 2017/09/05

[***]            Summary:            [***]

5 new Open, 13 new Pro (5 + 8). KHRAT, RIG EK, NetSupport RAT, MSIL/Queequeg, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024658 - ET TROJAN KHRAT DNS Lookup (upload-dropbox .com) (trojan.rules)
2024659 - ET TROJAN [PTsecurity] Tinba Checkin 4 (trojan.rules)
2024660 - ET CURRENT_EVENTS RIG EK Rip Sep 05 2017 (current_events.rules)
2024661 - ET CURRENT_EVENTS RIG EK Rip Sep 05 2017 M2 (current_events.rules)
2024662 - ET POLICY DNS Query to .onion proxy Domain (onion.guide) (policy.rules)

Pro:

2827795 - ETPRO TROJAN Unk.Stealer CnC Checkin (trojan.rules)
2827796 - ETPRO TROJAN NetSupport RAT Malicious Domain in SNI Observed (trojan.rules)
2827797 - ETPRO TROJAN MSIL/Queequeg Loader Checkin (trojan.rules)
2827798 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 196 (mobile_malware.rules)
2827799 - ETPRO CURRENT_EVENTS RIG EK Flash Exploit Sep 05 2017 (FWS) (current_events.rules)
2827800 - ETPRO CURRENT_EVENTS RIG EK Flash Exploit Sep 05 2017 (CWS) (current_events.rules)
2827801 - ETPRO CURRENT_EVENTS RIG EK Flash Exploit Sep 05 2017 (ZWS) (current_events.rules)
2827802 - ETPRO TROJAN MSIL/Kryptik.KPP CnC Checkin via FTP (trojan.rules)

[///]     Modified active rules:     [///]

2024642 - ET TROJAN Gazer DNS query observed (mydreamhoroscope . com) (trojan.rules)
2825584 - ETPRO TROJAN Ehdoor CnC Beacon (trojan.rules)
2827279 - ETPRO TROJAN W32/Emotet.v4 Checkin (trojan.rules)
2827580 - ETPRO TROJAN W32/Emotet.v4 Checkin 2 (trojan.rules)

[---]  Disabled and modified rules:  [---]

2824848 - ETPRO TROJAN Odinaff Malicious SSL Certificate Detected (trojan.rules)

Date: Tuesday, September 5, 2017 - 00:00