Daily Ruleset Update Summary 2017/09/11

[***]            Summary:            [***]

11 new Open, 31 new Pro (11 + 20). Remcos RAT, Win32/Filecoder.NHN, Various Phishing, Mobile.

Thanks: @attackdetection, @CISecurity

[+++]          Added rules:          [+++]

Open:

2024689 - ET WEB_CLIENT Download of Multimedia Content flowbit set (web_client.rules)
2024690 - ET WEB_CLIENT Download of .MOV Content flowbit set (web_client.rules)
2024691 - ET CURRENT_EVENTS RIG encrypted payload Sept 11 (1) (current_events.rules)
2024692 - ET TROJAN Win32/Unk.Bot CnC Checkin 2 (trojan.rules)
2024693 - ET MALWARE Win32/LoadMoney Adware Activity (malware.rules)
2024694 - ET TROJAN [PTsecurity] pkt checker 0 (trojan.rules)
2024695 - ET TROJAN [PTsecurity] pkt checker 1 (trojan.rules)
2024696 - ET TROJAN [PTsecurity] pkt checker 2 (trojan.rules)
2024697 - ET TROJAN [PTsecurity] pkt checker 3 (trojan.rules)
2024698 - ET TROJAN [PTsecurity] Backdoor.Win32/Remcos RAT pkt checker 4 (trojan.rules)
2024699 - ET TROJAN [PTsecurity] Adware/Rukometa(LoadMoney) Fake PNG File (trojan.rules)

Pro:

2803310 - ETPRO USER_AGENTS SmartCleaner Related FakeAV User-Agent (user_agents.rules)
2803324 - ETPRO USER_AGENTS GabPath Adware User-Agent (MNRecover) (user_agents.rules)
2803325 - ETPRO USER_AGENTS GabPath Adware User-Agent (MNUpdater) (user_agents.rules)
2803360 - ETPRO USER_AGENTS Flipopia Adware User-Agent (FPRecover) (user_agents.rules)
2803370 - ETPRO USER_AGENTS Suspicious User Agent (_Converter_) (user_agents.rules)
2827881 - ETPRO TROJAN MSIL/Unknown HTTP Bot CnC Activity (trojan.rules)
2827882 - ETPRO MALWARE DriveGenius PUP/PUA Install Checkin (malware.rules)
2827883 - ETPRO TROJAN Win32/Filecoder.NHN POST with System Info (trojan.rules)
2827884 - ETPRO CURRENT_EVENTS Successful ABSA Phish Sep 11 2017 (current_events.rules)
2827885 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sep 11 2017 (current_events.rules)
2827886 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Sep 11 2017 (current_events.rules)
2827887 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish Sep 11 2017 (current_events.rules)
2827888 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.ANO Reporting Infection via SMTP (mobile_malware.rules)
2827889 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sep 11 2017 (current_events.rules)
2827890 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eq SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827891 - ETPRO TROJAN Malicious SSL Certificate Detected (NetSupport Manager RAT) (trojan.rules)
2827892 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.san SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2827893 - ETPRO TROJAN Win32/Unknown.2 CnC Checkin (trojan.rules)
2827894 - ETPRO USER_AGENTS Win32.Vaubeg.A UA (user_agents.rules)
2827895 - ETPRO USER_AGENTS Suspicious UA (hunter) (user_agents.rules)

[///]     Modified active rules:     [///]

2024531 - ET TROJAN MSIL/August Stealer CnC Activity (trojan.rules)
2807460 - ETPRO TROJAN DDoS.Win32/Nitol.gen!A Checkin (trojan.rules)
2820489 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Svpeng.m Checkin (mobile_malware.rules)
2826391 - ETPRO TROJAN Zloader HTTP Checkin (trojan.rules)
2827100 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 4 (mobile_malware.rules)
2827580 - ETPRO TROJAN W32/Emotet.v4 Checkin 2 (trojan.rules)

[---]  Disabled and modified rules:  [---]

2011124 - ET MALWARE Suspicious FTP 220 Banner on Local Port (spaced) (malware.rules)

[---]         Removed rules:         [---]

2803310 - ETPRO TROJAN SmartCleaner Related FakeAV User-Agent (trojan.rules)
2803324 - ETPRO MALWARE GabPath Adware User-Agent (MNRecover) (malware.rules)
2803325 - ETPRO MALWARE GabPath Adware User-Agent (MNUpdater) (malware.rules)
2803360 - ETPRO MALWARE Flipopia Adware User-Agent (FPRecover) (malware.rules)
2803370 - ETPRO TROJAN Suspicious User Agent (_Converter_) (trojan.rules)
2826556 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eg Contact Exfil via SMTP 2 (mobile_malware.rules)
2826705 - ETPRO TROJAN Win32/Neshta.A Checkin (trojan.rules)

Date: Monday, September 11, 2017 - 00:00