Daily Ruleset Update Summary 2017/09/20

[***]            Summary:            [***]

23 new Open, 35 new Pro (23 Open + 12 Pro-only). TURNEDUP.Backdoor DNS, CVE-2017-8759 Soap File DL Over FTP, Various Phishing, Mobile.

Thanks: @attackdetection

[+++]          Added rules:          [+++]

Open:

2024728 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
2024729 - ET CURRENT_EVENTS Possible CVE-2017-8759 Soap File DL Over FTP (current_events.rules)
2024730 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (chromup) (trojan.rules)
2024731 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (securityupdated) (trojan.rules)
2024732 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (googlmail) (trojan.rules)
2024733 - ET TROJAN DNS Query For TURNEDUP.Backdoor / NanoCore CnC (microsoftupdated) (trojan.rules)
2024734 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (syn.broadcaster) (trojan.rules)
2024735 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup (mobile_malware.rules)
2024736 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 2 (mobile_malware.rules)
2024737 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 3 (mobile_malware.rules)
2024738 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 4 (mobile_malware.rules)
2024739 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 5 (mobile_malware.rules)
2024740 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 6 (mobile_malware.rules)
2024741 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 7 (mobile_malware.rules)
2024742 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 8 (mobile_malware.rules)
2024743 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 9 (mobile_malware.rules)
2024744 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 10 (mobile_malware.rules)
2024745 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 11 (mobile_malware.rules)
2024746 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 12 (mobile_malware.rules)
2024747 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 13 (mobile_malware.rules)
2024748 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 14 (mobile_malware.rules)
2024749 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 15 (mobile_malware.rules)
2024750 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 16 (mobile_malware.rules)

Pro:

2828009 - ETPRO TROJAN DNS Query to Cerber Domain (17q8f6 . top) (trojan.rules)
2828010 - ETPRO TROJAN DNS Query to Cerber Domain (1d88b8 . top) (trojan.rules)
2828011 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 1) (trojan.rules)
2828012 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 2) (trojan.rules)
2828013 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 3) (trojan.rules)
2828014 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 4) (trojan.rules)
2828015 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 5) (trojan.rules)
2828016 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 6) (trojan.rules)
2828017 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 7) (trojan.rules)
2828018 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 8) (trojan.rules)
2828019 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 9) (trojan.rules)
2828020 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 10) (trojan.rules)

[///]     Modified active rules:     [///]

2804477 - ETPRO USER_AGENTS HTTP Request with Random User-Agent (user_agents.rules)
2804997 - ETPRO USER_AGENTS Trojan/Swisyn.wvn User-Agent (Injection) (user_agents.rules)
2805021 - ETPRO USER_AGENTS Adware.CasinoClient User-Agent(caszx) (user_agents.rules)
2805109 - ETPRO USER_AGENTS Win32/Hupigon.DZ User-Agent (IEFILES.INS) (user_agents.rules)
2805290 - ETPRO USER_AGENTS Win32/VBInject.QW User-Agent (Sek8War) (user_agents.rules)
2805401 - ETPRO USER_AGENTS Variant.Barys.4238 User-Agent (user_agents.rules)
2805569 - ETPRO USER_AGENTS Win32/Adware.Kraddare.FS User-Agent(inter) (user_agents.rules)
2805625 - ETPRO USER_AGENTS User-Agent (Kaka) (user_agents.rules)
2815098 - ETPRO TROJAN Backdoor.Busadom CnC Beacon 3 (trojan.rules)
2825752 - ETPRO TROJAN Win32/MoonWind CnC (trojan.rules)
2827992 - ETPRO TROJAN TrickBot IP Check (trojan.rules)
2828001 - ETPRO WEB_SERVER Possible OptionsBleed (CVE-2017-9798) (web_server.rules)
2828007 - ETPRO TROJAN W32/Emotet.v4 Checkin Fake 404 Payload Response (trojan.rules)

[---]         Removed rules:         [---]

2017850 - ET CURRENT_EVENTS SPL2 PluginDetect Data Hash (current_events.rules)
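The sections above follow a fixed plain-text layout, which makes it easy to machine-check an update before pushing it into a sensor's tuning config. The following parser is an added example and not ET's own tooling: it reads the banner sections, the Open/Pro sub-headings and the per-rule lines, verifies that the Summary's "N new Open, M new Pro (N + K)" claim matches the rules actually listed, and flags any SID whose ET/ETPRO label disagrees with the SID ranges ET allocates (2000000-2099999 for Open, 2800000-2899999 for Pro). The embedded SAMPLE is a constructed, trimmed copy of this post so the script runs offline.

```python
"""Parser and consistency checker for the Emerging Threats daily update format.

Added example, not ET's own tooling. It reads the plain-text layout used in
these posts (banner lines such as "[+++]  Added rules:  [+++]", "Open:"/"Pro:"
sub-headings, one "<sid> - <ET|ETPRO> <CATEGORY> <message> (<file>.rules)"
line per rule), checks the Summary count claim against the rules listed, and
flags SIDs whose ruleset label disagrees with ET's SID allocation
(2000000-2099999 Open, 2800000-2899999 Pro). SAMPLE is a constructed,
trimmed copy of this post."""
import re

RULE_LINE = re.compile(r"^(?P<sid>\d+) - (?P<ruleset>ET|ETPRO) (?P<category>[A-Z_]+) "
                       r"(?P<msg>.+?) \((?P<file>[a-z_]+\.rules)\)$")
SECTION_LINE = re.compile(r"^\[(?:\*{3}|\+{3}|/{3}|-{3})\]\s+(?P<name>[A-Za-z ]+?):\s+\[")
COUNT_CLAIM = re.compile(r"(?P<open>\d+) new Open, (?P<pro>\d+) new Pro \((?P<o2>\d+) \+ (?P<p2>\d+)\)")

SAMPLE = """\
[***]            Summary:            [***]

2 new Open, 4 new Pro (2 + 2). TURNEDUP.Backdoor DNS, CVE-2017-8759 Soap File DL Over FTP.

Thanks: @attackdetection

[+++]          Added rules:          [+++]

Open:
2024729 - ET CURRENT_EVENTS Possible CVE-2017-8759 Soap File DL Over FTP (current_events.rules)
2024730 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (chromup) (trojan.rules)

Pro:
2828009 - ETPRO TROJAN DNS Query to Cerber Domain (17q8f6 . top) (trojan.rules)
2828011 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-20 1) (trojan.rules)

[///]     Modified active rules:     [///]
2828001 - ETPRO WEB_SERVER Possible OptionsBleed (CVE-2017-9798) (web_server.rules)

[---]         Removed rules:         [---]
2017850 - ET CURRENT_EVENTS SPL2 PluginDetect Data Hash (current_events.rules)

Date:
Wednesday, September 20, 2017 - 00:00
"""


def ruleset_for_sid(sid):
    """Ruleset implied by ET's SID allocation; None if the SID is outside both ranges."""
    if 2000000 <= sid <= 2099999:
        return "ET"
    if 2800000 <= sid <= 2899999:
        return "ETPRO"
    return None


def parse_update(text):
    """Return the Summary count claim and the rule dicts per section."""
    out = {"claim": None, "added": {"Open": [], "Pro": []}, "modified": [], "removed": []}
    section = subsection = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_LINE.match(line)
        if m:                                  # a "[+++]  Added rules:  [+++]" banner
            section, subsection = m["name"], None
        elif section == "Summary":             # only the count claim matters here
            c = COUNT_CLAIM.search(line)
            if c:
                out["claim"] = tuple(int(c[g]) for g in ("open", "pro", "o2", "p2"))
        elif line in ("Open:", "Pro:"):
            subsection = line[:-1]
        elif r := RULE_LINE.match(line):       # non-rule lines (Thanks:, Date:) fall through
            rule = r.groupdict()
            rule["sid"] = int(rule["sid"])
            if section == "Added rules" and subsection:
                out["added"][subsection].append(rule)
            elif section == "Modified active rules":
                out["modified"].append(rule)
            elif section == "Removed rules":
                out["removed"].append(rule)
    return out


def check_update(parsed):
    """List discrepancies (empty means consistent). ET's convention is
    'N new Open, M new Pro (N + K)': Pro subscribers get all N Open rules
    plus K Pro-only ones, so M must equal N + K and both must match the list."""
    problems = []
    n_open, n_pro = len(parsed["added"]["Open"]), len(parsed["added"]["Pro"])
    if parsed["claim"] is None:
        problems.append("no count claim found in Summary")
    else:
        c_open, c_pro, c_o2, c_p2 = parsed["claim"]
        if c_open != n_open:
            problems.append(f"claimed {c_open} Open, listed {n_open}")
        if c_p2 != n_pro:
            problems.append(f"claimed {c_p2} Pro-only, listed {n_pro}")
        if c_pro != c_o2 + c_p2:
            problems.append(f"Pro total {c_pro} != {c_o2} + {c_p2}")
    all_rules = parsed["added"]["Open"] + parsed["added"]["Pro"] + parsed["modified"] + parsed["removed"]
    for rule in all_rules:                     # label/SID-range mismatch hints at a typo in the post
        expected = ruleset_for_sid(rule["sid"])
        if expected != rule["ruleset"]:
            problems.append(f"sid {rule['sid']} labelled {rule['ruleset']} but range says {expected}")
    return problems


if __name__ == "__main__":
    for problem in check_update(parse_update(SAMPLE)) or ["summary is consistent with listed rules"]:
        print(problem)
```

Running it against the full post above (rather than SAMPLE) reproduces the 23 + 12 = 35 arithmetic in the Summary; a mismatch is worth catching before a SID list is fed into enable/disable tuning, since a mis-typed SID silently toggles the wrong rule.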

Date: Wednesday, September 20, 2017 - 00:00