Daily Ruleset Update Summary 2017/09/13

[***]            Summary:            [***]

2 new Open, 25 new Pro (2 + 23). CVE-2017-8759, PhantomClicker, Various Mobile, Phishing.

[+++]          Added rules:          [+++]

Open:

2007991 - ET USER_AGENTS User-Agent (Unknown) (user_agents.rules)
2024702 - ET CURRENT_EVENTS Possible CVE-2017-8759 Soap File DL (current_events.rules)

Pro:

2827921 - ETPRO TROJAN Salsa Ransomware Checkin (trojan.rules)
2827922 - ETPRO CURRENT_EVENTS Successful ICS Phish Sep 13 2017 (current_events.rules)
2827923 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 206 (mobile_malware.rules)
2827924 - ETPRO TROJAN DNS Query to Cerber Domain (1nzpby . top) (trojan.rules)
2827925 - ETPRO TROJAN DNS Query to Cerber Domain (1aj1bb . top) (trojan.rules)
2827926 - ETPRO TROJAN DNS Query to Sage Domain (l3by4d . com) (trojan.rules)
2827927 - ETPRO TROJAN PhantomClicker Activity (trojan.rules)
2827928 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (TFdZUDNhUWNYTlI3VFZDcnhDeWdzaG01NEY0UlJzdlIxRjp4) (trojan.rules)
2827929 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 207 (mobile_malware.rules)
2827930 - ETPRO POLICY CoinMiner Config Inbound (policy.rules)
2827931 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 1) (trojan.rules)
2827932 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 2) (trojan.rules)
2827933 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 3) (trojan.rules)
2827934 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 4) (trojan.rules)
2827935 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 5) (trojan.rules)
2827936 - ETPRO TROJAN MSIL/njRAT/Bladabindi Variant CnC Checkin (trojan.rules)
2827937 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 6) (trojan.rules)
2827938 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 7) (trojan.rules)
2827939 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 8) (trojan.rules)
2827940 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 9) (trojan.rules)
2827941 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 10) (trojan.rules)
2827942 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 11) (trojan.rules)
2827943 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 12) (trojan.rules)

[///]     Modified active rules:     [///]

2022800 - ET TROJAN ABUSE.CH Cryptolocker Payment Page (de2nuvwegoo32oqv) (trojan.rules)
2024625 - ET TROJAN Win32/ASPC Bot CnC Checkin M3 (trojan.rules)
2821875 - ETPRO TROJAN Win32/Remcos RAT Checkin 1 (trojan.rules)
2826354 - ETPRO TROJAN Loda Logger Read File Contents Request (trojan.rules)
2827896 - ETPRO EXPLOIT .NET SOAP Code Injection (CVE-2017-8759) (exploit.rules)

[---]  Disabled and modified rules:  [---]

2800392 - ETPRO TROJAN SRaT 1.6 Server Response (trojan.rules)
2822552 - ETPRO CURRENT_EVENTS Successful Gmail Phish Oct 10 2016 (current_events.rules)

[---]         Removed rules:         [---]

2007567 - ET TROJAN Zlob User Agent - updating (unknown) (trojan.rules)
2007991 - ET MALWARE User-Agent (Unknown) (malware.rules)

Date: Wednesday, September 13, 2017 - 00:00