Daily Ruleset Update Summary 2017/09/19

[***]            Summary:            [***]

8 new Open, 25 new Pro (8 + 17). JS Cryptocurrency Mining Cert, OptionsBleed (CVE-2017-9798), Additional W32/Emotet.v4, Various Phishing, Mobile.

[+++]          Added rules:          [+++]

Open:

2024720 - ET TROJAN Lets Encrypt Free SSL Cert Observed in Possible Javascript Cryptocurrency Mining (trojan.rules)
2024721 - ET CURRENT_EVENTS CoinHive In-Browser Miner Detected (current_events.rules)
2024722 - ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (startupfraction) (trojan.rules)
2024723 - ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (search.feedvertizus) (trojan.rules)
2024724 - ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (go.querymo) (trojan.rules)
2024725 - ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (opurie) (trojan.rules)
2024726 - ET TROJAN Malicious Adware Chrome Extension Detected (1) (trojan.rules)
2024727 - ET TROJAN Malicious Adware Chrome Extension Detected (2) (trojan.rules)

Pro:

2827992 - ETPRO TROJAN TrickBot IP Check (trojan.rules)
2827993 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 216 (mobile_malware.rules)
2827994 - ETPRO TROJAN Malicious Python Libraries Communicating with CnC (trojan.rules)
2827995 - ETPRO CURRENT_EVENTS Successful NAB Phish M1 Sep 19 2017 (current_events.rules)
2827996 - ETPRO CURRENT_EVENTS Successful NAB Phish M2 Sep 19 2017 (current_events.rules)
2827997 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Sep 19 2017 (current_events.rules)
2827998 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Sep 19 2017 (current_events.rules)
2827999 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Sep 19 2017 (current_events.rules)
2828000 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AEY DNS Lookup (mobile_malware.rules)
2828001 - ETPRO WEB_SERVER Possible OptionsBleed (CVE-2017-9798) (web_server.rules)
2828002 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AEY DNS Lookup 2 (mobile_malware.rules)
2828003 - ETPRO WEB_SERVER OptionsBleed (CVE-2017-9798) (web_server.rules)
2828004 - ETPRO MOBILE_MALWARE Android.Trojan.Agent.cm CnC Beacon (mobile_malware.rules)
2828005 - ETPRO TROJAN Emotet Post Drop C2 Comms (trojan.rules)
2828006 - ETPRO TROJAN Emotet Post Drop C2 Comms M2 (trojan.rules)
2828007 - ETPRO TROJAN W32/Emotet.v4 Checkin Fake 404 Payload Response (trojan.rules)
2828008 - ETPRO TROJAN W32/Emotet.v4 Checkin 3 (trojan.rules)
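The two OptionsBleed signatures above (2828001 and 2828003) key on the symptom of CVE-2017-9798: an unpatched Apache httpd (fixed in 2.4.28) can leak freed heap memory into the Allow response header of an OPTIONS reply when a .htaccess file uses a Limit directive naming an unknown HTTP method. The following Python script is an added example, not part of this update or of the ET rules themselves; it applies the same idea host-side. It treats any Allow header element that is empty, repeated, or outside the RFC 7230 token alphabet as an indicator. The two sample responses are constructed for offline use, and the `probe()` helper, hostname argument and five-request loop are this example's own choices, not anything the ruleset prescribes.

```python
"""Check HTTP OPTIONS responses for OptionsBleed (CVE-2017-9798) symptoms.

A healthy Allow header is a comma-separated list of RFC 7230 tokens, each
method listed once.  Leaked memory shows up as empty list elements,
repeated methods, or bytes outside the token alphabet.
"""
import http.client
import re
import sys

# RFC 7230 tchar: the only characters permitted in a method token.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Constructed sample responses for offline use; not captured traffic.
CLEAN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 19 Sep 2017 00:00:00 GMT\r\n"
    "Server: Apache/2.4.28 (Unix)\r\n"
    "Allow: OPTIONS,GET,HEAD,POST\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
LEAKY_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 19 Sep 2017 00:00:00 GMT\r\n"
    "Server: Apache/2.4.27 (Unix)\r\n"
    "Allow: ,GET,,,POST,OPTIONS,HEAD,,}\x7f\x00\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def allow_values(raw_response):
    """Return every element of the Allow header(s) in a raw HTTP response.

    Only optional whitespace around each element is removed, so leaked
    garbage survives for inspection by the caller.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "allow":
            values.extend(v.strip(" \t") for v in value.split(","))
    return values


def optionsbleed_findings(raw_response):
    """Return a list of indicator strings; an empty list means the header is clean."""
    findings = []
    seen = set()
    for v in allow_values(raw_response):
        if v == "":
            findings.append("empty list element")
        elif not _TOKEN.match(v):
            findings.append("non-token element %r" % v)
        elif v in seen:
            findings.append("repeated method %s" % v)
        seen.add(v)
    return findings


def probe(host, path="/", port=80, timeout=5):
    """Send one OPTIONS request and return the findings for the live response.

    The leaked bytes differ from request to request, so one clean response
    does not prove a server is patched; callers should repeat the probe.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    conn.request("OPTIONS", path)
    resp = conn.getresponse()
    # Re-serialise the header block so the same parser serves live and sample data.
    raw = "HTTP/1.1 %d %s\r\n" % (resp.status, resp.reason)
    raw += "".join("%s: %s\r\n" % (k, v) for k, v in resp.getheaders()) + "\r\n"
    conn.close()
    return optionsbleed_findings(raw)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for i in range(5):                        # several tries, see probe()
            print(i, probe(sys.argv[1]) or "clean")
    else:
        print("clean sample:", optionsbleed_findings(CLEAN_RESPONSE))
        print("leaky sample:", optionsbleed_findings(LEAKY_RESPONSE))
```

Run without arguments to see the two constructed samples classified; with a hostname it sends five OPTIONS requests to that host on port 80. Only the loose "Possible OptionsBleed" condition is mirrored here; an IDS rule, unlike this script, also has to bound its inspection to the Allow header of an OPTIONS reply to keep false positives down.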

[///]     Modified active rules:     [///]

2012849 - ET POLICY Possible Mobile Malware POST of IMSI International Mobile Subscriber Identity in URI (policy.rules)
2803732 - ETPRO USER_AGENTS Trojan-Downloader.Win32.Delf.aznp User-Agent (api.pc120.com) (user_agents.rules)
2827279 - ETPRO TROJAN W32/Emotet.v4 Checkin (trojan.rules)
2827975 - ETPRO CURRENT_EVENTS Successful Docusign Phish Sep 18 2017 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2827580 - ETPRO TROJAN W32/Emotet.v4 Checkin 2 (trojan.rules)

[---]         Disabled rules:        [---]

2804311 - ETPRO TROJAN Win32/Comroki Checkin (trojan.rules)
2804312 - ETPRO MALWARE NSIS.Adware-BC Install 2 (malware.rules)
2804313 - ETPRO TROJAN Trojan-Dropper.Win32.Agent.exc Checkin (trojan.rules)
2804315 - ETPRO TROJAN Trojan-Downloader.Win32.Banload!IK Checkin (trojan.rules)
2804320 - ETPRO TROJAN Trojan/Invader.ciy Checkin (trojan.rules)
2804322 - ETPRO TROJAN Exploit.Win32/MS08067.gen!A Checkin (trojan.rules)
2804323 - ETPRO TROJAN Win32/Ransom.EJ checkin (trojan.rules)
2804329 - ETPRO TROJAN Virus.Win32.OnLineGames!IK Checkin (trojan.rules)
2804386 - ETPRO MALWARE Variant.Adware.Gabpath.2 Checkin (malware.rules)
2804397 - ETPRO EXPLOIT Avaya WinPDM UniteHostRouter Stack Buffer Overflow (exploit.rules)
2804399 - ETPRO EXPLOIT HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow (exploit.rules)
2804404 - ETPRO TROJAN Trojan/Genome.aieg Checkin (trojan.rules)
2804407 - ETPRO MALWARE Adware.Relevant.BH Install (malware.rules)
2804409 - ETPRO TROJAN Variant.Kazy.51230 Checkin (trojan.rules)
2804417 - ETPRO TROJAN TrojanClicker.Win32/Towshin.A Checkin (trojan.rules)
2804418 - ETPRO TROJAN Trojan.Win32.Scar.facd Checkin (trojan.rules)
2804420 - ETPRO TROJAN Win32/TrojanDownloader.Adload.NJJ CnC Traffic (trojan.rules)
2804422 - ETPRO TROJAN Win32/Poison.BG Checkin (trojan.rules)
2804423 - ETPRO TROJAN TrojanDownloader.Win32/Banload.ACK receiving config (trojan.rules)
2804430 - ETPRO MALWARE PUP/Win32.UtilTop Install (malware.rules)
2804431 - ETPRO TROJAN Backdoor.Win32.Solidrat.A Checkin (INBOUND) (trojan.rules)
2804440 - ETPRO TROJAN Downloader.a!kw Checkin (trojan.rules)
2804441 - ETPRO TROJAN TrojanDropper.Win32/Microjoin.gen!C Checkin (trojan.rules)
2804442 - ETPRO TROJAN TrojanDropper.Win32/Umrena.F Checkin (trojan.rules)
2804446 - ETPRO TROJAN Win32/Votead Checkin (trojan.rules)
2804448 - ETPRO TROJAN Trojan.Zlob Install (trojan.rules)
2804450 - ETPRO TROJAN Virus.Win32.Virut.ce Install (trojan.rules)
2804458 - ETPRO MALWARE Win32/Adware.Kraddare.CZ Checkin (malware.rules)
2804462 - ETPRO MALWARE Mal/Emogen-E Install (malware.rules)
2804463 - ETPRO EXPLOIT libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0 and Cisco IronPort Appliances Buffer overflow (exploit.rules)
2804464 - ETPRO MALWARE BHO.Win32.Zwangi!IK Install (malware.rules)
2804469 - ETPRO TROJAN Win32/Sality.R Checkin (trojan.rules)
2804472 - ETPRO TROJAN Trojan.Crypt.Delf.AH Checkin (trojan.rules)
2804476 - ETPRO TROJAN Trojan.Win32.Jorik.Agent.ee Checkin (trojan.rules)
2804478 - ETPRO TROJAN W32/Autorun.worm.bbs Install (trojan.rules)
2804481 - ETPRO TROJAN Win32/TrojanDownloader.Banload.QFP Checkin (trojan.rules)
2804483 - ETPRO TROJAN PWS-Zbot.gen.di Conectivity Check (trojan.rules)
2804497 - ETPRO TROJAN Trojan.Win32.Sasfis Checkin (trojan.rules)
2804501 - ETPRO MALWARE PAK_Generic.001 Checkin (malware.rules)
2804504 - ETPRO MALWARE rogue anti-spyware Soft-Cop (malware.rules)
2804512 - ETPRO WEB_SERVER Microsoft SharePoint Server XSS attempt 1 (web_server.rules)
2804513 - ETPRO WEB_SERVER Microsoft SharePoint Server XSS attempt 2 (web_server.rules)
2804514 - ETPRO WEB_SERVER Microsoft SharePoint Server XSS attempt 3 (web_server.rules)
2804525 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.aafb Checkin (trojan.rules)
2804527 - ETPRO TROJAN Trojan-Banker.Win32.Banbra.aocj Checkin (trojan.rules)
2804528 - ETPRO TROJAN Trojan.Win32.Pasta.oaf Checkin (trojan.rules)
2804529 - ETPRO MALWARE not-a-virus.PSWTool.Win32.Pwdspyhk (malware.rules)
2804531 - ETPRO TROJAN TrojanClicker.Win32/Agent.ABHQ Checkin (trojan.rules)
2804532 - ETPRO TROJAN TrojanClicker.Win32/Agent.ABHQ Checkin 2 (trojan.rules)
2804535 - ETPRO TROJAN worm.win32/duptwux.a Checkin (trojan.rules)
2804538 - ETPRO TROJAN Trojan-Proxy.Win32.Xorpix.bh Checkin (trojan.rules)
2804542 - ETPRO MALWARE Generic.KDV.71846 INSTALL (malware.rules)
2804551 - ETPRO MALWARE SweetIM Install in Progress 2 (malware.rules)
2804552 - ETPRO MALWARE SweetIM Install in Progress 3 (malware.rules)
2804553 - ETPRO MALWARE SweetIM Install in Progress 4 (malware.rules)
2804555 - ETPRO MALWARE SweetIM instant message redirect.php (malware.rules)
2804560 - ETPRO TROJAN TrojanClicker.Win32/Agent.ABHQ Checkin 3 (trojan.rules)
2804563 - ETPRO TROJAN Trojan-Downloader.Win32.Banload.bpbw Checkin (trojan.rules)
2804564 - ETPRO TROJAN Win32/TrojanDownloader.Banload.QUC Checkin (trojan.rules)
2804565 - ETPRO TROJAN TrojanDropper.Win32/Buzus.B Checkin (trojan.rules)
2804566 - ETPRO TROJAN Generic.Zlob.E1632B6D Checkin (trojan.rules)
2804567 - ETPRO EXPLOIT Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow (exploit.rules)
2804568 - ETPRO MALWARE Adware.Downware.193 Checkin (malware.rules)
2804569 - ETPRO TROJAN TrojanDownloader.Win32/Loakid.A Checkin (trojan.rules)
2804572 - ETPRO TROJAN Win32/Bucriv.B Checkin (trojan.rules)
2804578 - ETPRO MALWARE Adware.Win32/WindowLivePot.A Checkin (malware.rules)
2804579 - ETPRO EXPLOIT TrendMicro Control Manger <= v5.5 CmdProcessor.exe Stack Buffer Overflow (exploit.rules)
2804582 - ETPRO TROJAN Banker.Agent.byr/SMSHoax.55 Checkin (trojan.rules)
2804584 - ETPRO MALWARE Generic AdClicker.p Install (malware.rules)
2804590 - ETPRO TROJAN Trojan-Dropper.Win32.Agent.ficz Checkin (trojan.rules)
2804595 - ETPRO TROJAN Trojan-Downloader.Win32.FraudLoad.xdfp Checkin (trojan.rules)
2804596 - ETPRO TROJAN Trojan-Banker.Win32.Banbra.anwx Checkin (trojan.rules)
2804598 - ETPRO MALWARE Win32.Adware-gen Install (malware.rules)
2804599 - ETPRO MALWARE Win32/Adware.Kraddare.DB Install (malware.rules)
2804601 - ETPRO TROJAN Win32/Klovbot.E Checkin (trojan.rules)
2804605 - ETPRO TROJAN Trojan-Spy.Win32.Agent.byhm Checkin (trojan.rules)
2804607 - ETPRO TROJAN Net-Worm.Win32.Kolab.gen Checkin (trojan.rules)
2804608 - ETPRO TROJAN P2P-Worm.Win32.Palevo.bijc INSTALL (trojan.rules)
2804612 - ETPRO MALWARE Win32/Adware.WindowsLiveProtect.A Checkin (malware.rules)
2804621 - ETPRO TROJAN Worm.Win32/VB.BN Checkin 2 (trojan.rules)
2804624 - ETPRO MALWARE W32/WhiteSmoke.AY Install (malware.rules)
2804627 - ETPRO MALWARE HackTool.Win32/Adduser Install (malware.rules)
2804629 - ETPRO TROJAN Win32/Banker.VBY Checkin (trojan.rules)
2804630 - ETPRO TROJAN Win32/Delf.CM Checkin (trojan.rules)
2804637 - ETPRO INFO DNS Query to a *.coom.in Abused DNS Domain (info.rules)
2804643 - ETPRO MALWARE Win32/Adware.Kraddare.AX Checkin (malware.rules)
2804652 - ETPRO WEB_SPECIFIC_APPS Path Traversal on Polycom Web Management Interface (web_specific_apps.rules)
2804653 - ETPRO TROJAN Win32/Rorpian.B Checkin (trojan.rules)
2804656 - ETPRO TROJAN Win32/TrojanDownloader.Banload.QOT Checkin (trojan.rules)
2804659 - ETPRO TROJAN Variant.Graftor.8567 Checkin (trojan.rules)
2804661 - ETPRO TROJAN Win32/Spy.Banker.XAG Checkin (trojan.rules)
2804664 - ETPRO MALWARE Trackware.Dogpile Install (malware.rules)
2804665 - ETPRO TROJAN Backdoor.Win32.Hupigon.pdqt Checkin (trojan.rules)
2804666 - ETPRO TROJAN Khan DDoS Bot Checkin (trojan.rules)
2804669 - ETPRO TROJAN Bestvirus-protection FakeAV Checkin (trojan.rules)
2804671 - ETPRO EXPLOIT CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure (exploit.rules)
2804673 - ETPRO TROJAN Win32/Busky.gen Checkin (trojan.rules)
2804674 - ETPRO TROJAN Trojan-Downloader.Win32.Delf.dpy Checkin (trojan.rules)
2804677 - ETPRO TROJAN Trojan-Downloader.BAT.Banload.d Checkin (trojan.rules)
2804678 - ETPRO MALWARE Spyware.Known_Bad_Sites Install (malware.rules)
2804680 - ETPRO TROJAN W32.Virut.CF CnC traffic (trojan.rules)
2804683 - ETPRO TROJAN FakeCloudAV2012 Checkin (trojan.rules)
2804684 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.ujgh Checkin (trojan.rules)
2804685 - ETPRO TROJAN Trojan-Downloader.Win32.Geral.xit Checkin (trojan.rules)
2804686 - ETPRO TROJAN Win32/Masteseq.AC Checkin (trojan.rules)
2804689 - ETPRO TROJAN Win32/Stoberox.A Checkin (trojan.rules)
2804693 - ETPRO TROJAN Trojan-Banker.BAT.Banker.t Checkin (trojan.rules)
2804697 - ETPRO TROJAN Trojan.Win32.Spy Checkin (trojan.rules)
2804699 - ETPRO EXPLOIT Google Talk gaiaserver Parameter Injection (exploit.rules)
2804700 - ETPRO TROJAN Win32/Matsnu.gen!A Checkin (trojan.rules)
2804710 - ETPRO TROJAN Trojan-Banker.Win32.Banz.jpb Checkin 1 (trojan.rules)
2804711 - ETPRO TROJAN Trojan-Banker.Win32.Banz.jpb Checkin 2 (trojan.rules)
2804714 - ETPRO TROJAN Backdoor.Win32.Bredolab.ugk Checkin (trojan.rules)
2804716 - ETPRO TROJAN Trojan-Downloader.Win32.Dapato.fxd Checkin (trojan.rules)
2804721 - ETPRO MALWARE Adware.Kraddare!0+gdoqXqjww Checkin (malware.rules)
2804722 - ETPRO TROJAN /test.dll Access Possible Trojan.Win32.Sasfis.bqgl (trojan.rules)
2804726 - ETPRO TROJAN Trojan.Win32.Zapchast.ffs exe Download (trojan.rules)
2804727 - ETPRO MALWARE SmartSecure Checkin (malware.rules)
2804729 - ETPRO CURRENT_EVENTS Eleonore Exploit Kit (current_events.rules)
2804739 - ETPRO TROJAN Win32/Spy.Banker.VER Checkin (trojan.rules)
2804740 - ETPRO MALWARE Downloader.Generic10.BZSM Install (malware.rules)
2804741 - ETPRO TROJAN BScope.Trojan.Banker Checkin (trojan.rules)
2804743 - ETPRO TROJAN TrojanDropper.Injector.arw Checkin (trojan.rules)
2804744 - ETPRO TROJAN Win32/Alureon.V exe download 1 (trojan.rules)
2804746 - ETPRO MALWARE Rogue.Win32/Onescan Checkin (malware.rules)
2804748 - ETPRO TROJAN W32/Banker.JGT Checkin 2 (trojan.rules)
2804749 - ETPRO TROJAN Win32/Shodi.G Checkin (trojan.rules)
2804750 - ETPRO TROJAN Backdoor.Win32.VB.hes Checkin (trojan.rules)
2804751 - ETPRO TROJAN Win32/Bancos.AGN Checkin (trojan.rules)
2804752 - ETPRO TROJAN Trojan-Banker.Win32.Banker2.bwv Checkin (trojan.rules)
2804755 - ETPRO TROJAN Sus/BancDl-A Checkin (trojan.rules)
2804757 - ETPRO MALWARE Adware/Kikin.A Checkin (malware.rules)
2804766 - ETPRO TROJAN Trojan.Win32.TDSS.iqjw Checkin (trojan.rules)

Note: many of the User-Agent rules removed below were moved to USER_AGENTS (user_agents.rules), not deleted.

[---]         Removed rules:         [---]

2803731 - ETPRO TROJAN Win32/Obfuscator.XZ User-Agent (myInternet) (trojan.rules)
2803734 - ETPRO TROJAN TrojanProxy.Ukstories.e User-Agent (mcsmss) (trojan.rules)
2803790 - ETPRO MALWARE Win32/Gabpath User-Agent (FPUpdater) (malware.rules)
2803805 - ETPRO TROJAN Win32/Hermes.B at mm User-Agent (Hermes) (trojan.rules)
2803809 - ETPRO MALWARE Win32/Adware.GabPath.BM User-Agent (Blammi) (malware.rules)
2803832 - ETPRO MALWARE Win32/Adware.GabPath.CB User-Agent (FPInstaller) (malware.rules)
2803839 - ETPRO MALWARE Adware.Win32/Gabpath User-Agent (BMRecover) (malware.rules)
2803872 - ETPRO MALWARE AdWare.Win32.Gabpath User-Agent (OCInstaller) (malware.rules)
2803873 - ETPRO MALWARE AdWare.Win32.Gabpath User-Agent (Oncues) (malware.rules)
2803885 - ETPRO TROJAN Win32/Calelk.C User-Agent (Informer) (trojan.rules)
2803900 - ETPRO TROJAN Sasfis/Atraps.AVWU/AMTU.Proxy Contacting CnC via Googleusercontent Translate (trojan.rules)
2803931 - ETPRO TROJAN W32/Gabpath.A.gen!Eldorado User-Agent (OCRecover) (trojan.rules)
2803934 - ETPRO TROJAN Backdoor.Win32.Sheldor.dt User-Agent (x3) (trojan.rules)
2803947 - ETPRO MALWARE Win32/Gabpath User-Agent (WhereSphere) (malware.rules)
2803949 - ETPRO MALWARE Win32/Jinzie User-Agent (PopRocks) (malware.rules)
2803954 - ETPRO MALWARE Win32.Malware.XGW at aSlsEHbG User-Agent (olesio) (malware.rules)
2803995 - ETPRO TROJAN Win32/Kryptik.UNM User-Agent (bansol) (trojan.rules)
2804002 - ETPRO TROJAN Win32/Rimecud.A User-Agent (stalone) (trojan.rules)
2804009 - ETPRO TROJAN Backdoor.Win32/Hanove.A User-Agent (SIMPLE) (trojan.rules)
2804023 - ETPRO TROJAN Win32/Rimecud.A User-Agent (chuck) (trojan.rules)
2804025 - ETPRO TROJAN Win32/Kryptik.UNM User-Agent (wolf) (trojan.rules)
2804036 - ETPRO TROJAN Win32/Kryptik.UNM User-Agent (dieter) (trojan.rules)
2804037 - ETPRO TROJAN Generic.Malware.dld!!.9C8D00AA User-Agent (*!%) (trojan.rules)
2804038 - ETPRO TROJAN Generic.Malware.dld!!.9C8D00AA User-Agent (microsoft.com) (trojan.rules)
2804049 - ETPRO TROJAN Win32/Malushka.A User-Agent (netboom) (trojan.rules)
2804057 - ETPRO TROJAN Win32/Rimecud.A User-Agent (solders) (trojan.rules)
2804058 - ETPRO TROJAN W32/Rimecud.gen.cr User-Agent (goci) (trojan.rules)
2804060 - ETPRO TROJAN Win32/Rimecud.A User-Agent (cadara) (trojan.rules)
2804068 - ETPRO TROJAN Trojan.Win32.Agent2.lpa User-Agent (Ali) (trojan.rules)
2804069 - ETPRO TROJAN Trojan.Win32.Agent2.lpa User-Agent (Exp) (trojan.rules)
2804081 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.uua User-Agent (google___) (trojan.rules)
2804104 - ETPRO MALWARE AdWare.Win32.EzSearch.g User-Agent (WindowEzSearch) - Likely Trojan (malware.rules)
2804114 - ETPRO MALWARE User-Agent (Mozila Firefox) (malware.rules)
2804115 - ETPRO MALWARE User-Agent (Mozilla/4.0 competible) (malware.rules)
2804216 - ETPRO MALWARE AdWare.Win32.SmartSearch!IK User-Agent (SmartSearch) (malware.rules)
2804218 - ETPRO MALWARE AdWare.Win32.Wizpop User-Agent (WizSearch) (malware.rules)
2804219 - ETPRO MALWARE Adware.SearchGuard User-Agent (searchguard) (malware.rules)
2804385 - ETPRO TROJAN Win32/SouGouDownloader.A User-Agent (SouGouDownloader) (trojan.rules)
2804403 - ETPRO TROJAN Trojan.Win32.Menti.kgbj User-Agent (trojan.rules)
2804410 - ETPRO TROJAN Win32/Banload.AGV User-Agent (BOTPA5BG8S) (trojan.rules)
2804411 - ETPRO TROJAN Trojan.Win32.Swisyn.mtz User-Agent (SALLAMAILZILLA) (trojan.rules)
2804477 - ETPRO TROJAN HTTP Request with Random User-Agent (trojan.rules)
2804526 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.aafb User-Agent (cibabam) (trojan.rules)
2804536 - ETPRO MALWARE Adware.EoRezo.T User-Agent (EoEngine) (malware.rules)
2804695 - ETPRO TROJAN Hutizu Rootkit Checkin User-Agent (trojan.rules)
2804734 - ETPRO MALWARE User-Agent (GPRemove) (malware.rules)
2804747 - ETPRO MALWARE Rogue.Win32/Onescan User-Agent (fileboan_install) (malware.rules)
2804997 - ETPRO TROJAN Trojan/Swisyn.wvn User-Agent (Injection) (trojan.rules)
2805021 - ETPRO MALWARE Adware.CasinoClient User-Agent(caszx) (malware.rules)
2805109 - ETPRO TROJAN Win32/Hupigon.DZ User-Agent (IEFILES.INS) (trojan.rules)
2805290 - ETPRO TROJAN Win32/VBInject.QW User-Agent (Sek8War) (trojan.rules)
2805401 - ETPRO TROJAN Variant.Barys.4238 User-Agent (trojan.rules)
2805569 - ETPRO MALWARE Win32/Adware.Kraddare.FS User-Agent(inter) (malware.rules)
2805625 - ETPRO TROJAN User-Agent (Kaka) (trojan.rules)

Date: Tuesday, September 19, 2017 - 00:00