Daily Ruleset Update Summary 2017/09/21

[***] Summary: [***]

6 new Open signatures, 10 new Pro (6 + 4). Adwind, Asacub and Rootnik.

Thanks: @attackdetection

[+++]          Added rules:          [+++]

Open:

2024751 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu Certificate flowbit set 1 (trojan.rules)
2024752 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 2 (trojan.rules)
2024753 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 3 (trojan.rules)
2024754 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 4 (trojan.rules)
2024755 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 5 (trojan.rules)
2024756 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu (trojan.rules)

Pro:

2828021 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 217 (mobile_malware.rules)
2828022 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 218 (mobile_malware.rules)
2828023 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 219 (mobile_malware.rules)
2828024 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab App List Exfil (mobile_malware.rules)

[+++]  Enabled and modified rules:   [+++]

2803731 - ETPRO USER_AGENTS Win32/Obfuscator.XZ User-Agent (myInternet) (user_agents.rules)

[///]     Modified active rules:     [///]

2008752 - ET MALWARE AdWare.Win32.Yokbar User-Agent Detected (YOK Agent) (malware.rules)
2009526 - ET MALWARE Downloader Checkin - Downloads Rogue Adware (malware.rules)
2011492 - ET MALWARE Adware.Kraddare Checkin (malware.rules)
2013017 - ET MALWARE Known Malicious User-Agent (x) Win32/Tracur.A or OneStep Adware Related (malware.rules)
2013556 - ET MALWARE UBar Trojan/Adware Checkin 1 (malware.rules)
2013557 - ET MALWARE UBar Trojan/Adware Checkin 2 (malware.rules)
2013558 - ET MALWARE UBar Trojan/Adware Checkin 3 (malware.rules)
2013956 - ET MALWARE W32/SmartPops Adware Outbound Off-Port MSSQL Communication (malware.rules)
2014583 - ET MALWARE Adware/FakeAV.Kraddare Checkin UA (malware.rules)
2024722 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (startupfraction) (malware.rules)
2024723 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (search.feedvertizus) (malware.rules)
2024724 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (go.querymo) (malware.rules)
2024725 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (opurie) (malware.rules)
2024726 - ET MALWARE Malicious Adware Chrome Extension Detected (1) (malware.rules)
2024727 - ET MALWARE Malicious Adware Chrome Extension Detected (2) (malware.rules)
2024751 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu Certificate flowbit set (trojan.rules)
2804477 - ETPRO USER_AGENTS HTTP Request with Random User-Agent (user_agents.rules)
2804997 - ETPRO USER_AGENTS Trojan/Swisyn.wvn User-Agent (Injection) (user_agents.rules)
2805021 - ETPRO USER_AGENTS Adware.CasinoClient User-Agent(caszx) (user_agents.rules)
2805109 - ETPRO USER_AGENTS Win32/Hupigon.DZ User-Agent (IEFILES.INS) (user_agents.rules)
2805290 - ETPRO USER_AGENTS Win32/VBInject.QW User-Agent (Sek8War) (user_agents.rules)
2805401 - ETPRO USER_AGENTS Variant.Barys.4238 User-Agent (user_agents.rules)
2805569 - ETPRO USER_AGENTS Win32/Adware.Kraddare.FS User-Agent(inter) (user_agents.rules)
2805625 - ETPRO USER_AGENTS User-Agent (Kaka) (user_agents.rules)
2822035 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2823673 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2824690 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2825000 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2825752 - ETPRO TROJAN Win32/MoonWind CnC (trojan.rules)
2827243 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827395 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827464 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827746 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827757 - ETPRO TROJAN Win32.Denes CnC Beacon (trojan.rules)
2827764 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827807 - ETPRO TROJAN W32/DOTHETUK CNC Checkin (trojan.rules)
2827814 - ETPRO TROJAN Win32/Banload variant CnC (trojan.rules)
2827858 - ETPRO TROJAN VB:Trojan.Valyria Downloader DNS Query (kekeoffer . com) (trojan.rules)
2827991 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)

[///]    Modified inactive rules:    [///]

2803734 - ETPRO USER_AGENTS TrojanProxy.Ukstories.e User-Agent (mcsmss) (user_agents.rules)
2803790 - ETPRO USER_AGENTS Win32/Gabpath User-Agent (FPUpdater) (user_agents.rules)
2803805 - ETPRO USER_AGENTS Win32/Hermes.B at mm User-Agent (Hermes) (user_agents.rules)
2803809 - ETPRO USER_AGENTS Win32/Adware.GabPath.BM User-Agent (Blammi) (user_agents.rules)
2803832 - ETPRO USER_AGENTS Win32/Adware.GabPath.CB User-Agent (FPInstaller) (user_agents.rules)
2803839 - ETPRO USER_AGENTS Adware.Win32/Gabpath User-Agent (BMRecover) (user_agents.rules)
2803872 - ETPRO USER_AGENTS AdWare.Win32.Gabpath User-Agent (OCInstaller) (user_agents.rules)
2803873 - ETPRO USER_AGENTS AdWare.Win32.Gabpath User-Agent (Oncues) (user_agents.rules)
2803885 - ETPRO USER_AGENTS Win32/Calelk.C User-Agent (Informer) (user_agents.rules)
2803900 - ETPRO USER_AGENTS Sasfis/Atraps.AVWU/AMTU.Proxy Contacting CnC via Googleusercontent Translate (user_agents.rules)
2803931 - ETPRO USER_AGENTS W32/Gabpath.A.gen!Eldorado User-Agent (OCRecover) (user_agents.rules)
2803934 - ETPRO USER_AGENTS Backdoor.Win32.Sheldor.dt User-Agent (x3) (user_agents.rules)
2803947 - ETPRO USER_AGENTS Win32/Gabpath User-Agent (WhereSphere) (user_agents.rules)
2803949 - ETPRO USER_AGENTS Win32/Jinzie User-Agent (PopRocks) (user_agents.rules)
2803954 - ETPRO USER_AGENTS Win32.Malware.XGW at aSlsEHbG User-Agent (olesio) (user_agents.rules)
2803995 - ETPRO USER_AGENTS Win32/Kryptik.UNM User-Agent (bansol) (user_agents.rules)
2804002 - ETPRO USER_AGENTS Win32/Rimecud.A User-Agent (stalone) (user_agents.rules)
2804009 - ETPRO USER_AGENTS Backdoor.Win32/Hanove.A User-Agent (SIMPLE) (user_agents.rules)
2804023 - ETPRO USER_AGENTS Win32/Rimecud.A User-Agent (chuck) (user_agents.rules)
2804025 - ETPRO USER_AGENTS Win32/Kryptik.UNM User-Agent (wolf) (user_agents.rules)
2804036 - ETPRO USER_AGENTS Win32/Kryptik.UNM User-Agent (dieter) (user_agents.rules)
2804037 - ETPRO USER_AGENTS Generic.Malware.dld!!.9C8D00AA User-Agent (*!%) (user_agents.rules)
2804038 - ETPRO USER_AGENTS Generic.Malware.dld!!.9C8D00AA User-Agent (microsoft.com) (user_agents.rules)
2804049 - ETPRO USER_AGENTS Win32/Malushka.A User-Agent (netboom) (user_agents.rules)
2804057 - ETPRO USER_AGENTS Win32/Rimecud.A User-Agent (solders) (user_agents.rules)
2804058 - ETPRO USER_AGENTS W32/Rimecud.gen.cr User-Agent (goci) (user_agents.rules)
2804060 - ETPRO USER_AGENTS Win32/Rimecud.A User-Agent (cadara) (user_agents.rules)
2804068 - ETPRO USER_AGENTS Trojan.Win32.Agent2.lpa User-Agent (Ali) (user_agents.rules)
2804069 - ETPRO USER_AGENTS Trojan.Win32.Agent2.lpa User-Agent (Exp) (user_agents.rules)
2804081 - ETPRO USER_AGENTS Trojan-Dropper.Win32.Injector.uua User-Agent (google___) (user_agents.rules)
2804104 - ETPRO USER_AGENTS AdWare.Win32.EzSearch.g User-Agent (WindowEzSearch) - Likely Trojan (user_agents.rules)
2804114 - ETPRO USER_AGENTS User-Agent (Mozila Firefox) (user_agents.rules)
2804115 - ETPRO USER_AGENTS User-Agent (Mozilla/4.0 competible) (user_agents.rules)
2804216 - ETPRO USER_AGENTS AdWare.Win32.SmartSearch!IK User-Agent (SmartSearch) (user_agents.rules)
2804218 - ETPRO USER_AGENTS AdWare.Win32.Wizpop User-Agent (WizSearch) (user_agents.rules)
2804219 - ETPRO USER_AGENTS Adware.SearchGuard User-Agent (searchguard) (user_agents.rules)
2804385 - ETPRO USER_AGENTS Win32/SouGouDownloader.A User-Agent (SouGouDownloader) (user_agents.rules)
2804403 - ETPRO USER_AGENTS Trojan.Win32.Menti.kgbj User-Agent (user_agents.rules)
2804410 - ETPRO USER_AGENTS Win32/Banload.AGV User-Agent (BOTPA5BG8S) (user_agents.rules)
2804411 - ETPRO USER_AGENTS Trojan.Win32.Swisyn.mtz User-Agent (SALLAMAILZILLA) (user_agents.rules)
2804526 - ETPRO USER_AGENTS Trojan-Dropper.Win32.Dapato.aafb User-Agent (cibabam) (user_agents.rules)
2804536 - ETPRO USER_AGENTS Adware.EoRezo.T User-Agent (EoEngine) (user_agents.rules)
2804695 - ETPRO USER_AGENTS Hutizu Rootkit Checkin User-Agent (user_agents.rules)
2804734 - ETPRO USER_AGENTS User-Agent (GPRemove) (user_agents.rules)
2804747 - ETPRO USER_AGENTS Rogue.Win32/Onescan User-Agent (fileboan_install) (user_agents.rules)

[---]         Removed rules:         [---]

2827955 - ETPRO TROJAN Malicious Domain in SNI (Meterpreter) (trojan.rules)

Date: Thursday, September 21, 2017 - 00:00