Daily Ruleset Update Summary 2017/09/25

[***]            Summary:            [***]

4 new Open, 18 new Pro (4 + 14). Browser Coin Mining. Various Phishing, Mobile.

[+++]          Added rules:          [+++]

Open:

2024720 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Possible Coinhive Javascript Cryptocurrency Mining (current_events.rules)
2024763 - ET INFO Adilbo HTML Encoder Observed (info.rules)
2024764 - ET INFO Suspicious Darkwave Popads Pop Under Redirect (info.rules)
2024765 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.RedAlert CnC Beacon (mobile_malware.rules)

Pro:

2828042 - ETPRO CURRENT_EVENTS Successful Citibank Phish Sep 23 2017 (current_events.rules)
2828043 - ETPRO CURRENT_EVENTS Successful BBVA Continental Phish Sep 23 2017 (current_events.rules)
2828044 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sep 23 2017 (current_events.rules)
2828045 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish Sep 23 2017 (current_events.rules)
2828046 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sep 23 2017 (current_events.rules)
2828048 - ETPRO TROJAN Retefe trojan install/config log FTP upload (trojan.rules)
2828049 - ETPRO TROJAN Malicious Domain in SNI Observed - Possible Browser Coin Mining (trojan.rules)
2828050 - ETPRO TROJAN Malicious DNS Lookup (Dropper) (trojan.rules)
2828051 - ETPRO MOBILE_MALWARE Android/FakePay.A Checkin (mobile_malware.rules)
2828052 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Sep 25 2017 Domain in SNI (current_events.rules)
2828053 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i / Exobot Domain Request in SNI (mobile_malware.rules)
2828054 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i / Exobot Domain Request in SNI 2 (mobile_malware.rules)
2828055 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i / Exobot Domain Request in SNI 3 (mobile_malware.rules)
2828056 - ETPRO TROJAN Win32/Unknown CnC Activity (trojan.rules)

[///]     Modified active rules:     [///]

2023595 - ET TROJAN Trojan.Kwampirs Outbound GET request (trojan.rules)
2024490 - ET TROJAN HTTP Andromeda File Request (trojan.rules)
2024531 - ET TROJAN MSIL/CoalaBot CnC Activity (trojan.rules)
2024758 - ET TROJAN Win32/Scarsi Variant CnC Activity (trojan.rules)
2826866 - ETPRO TROJAN W32.Yakes Variant Checkin (trojan.rules)
2826920 - ETPRO MOBILE_MALWARE Android.Trojan.Agent.LN / RedAlert Checkin (mobile_malware.rules)
2827987 - ETPRO TROJAN MSIL.GuFran EXE DL (trojan.rules)

[---]         Removed rules:         [---]

2024720 - ET TROJAN Lets Encrypt Free SSL Cert Observed in Possible Javascript Cryptocurrency Mining (trojan.rules)

Date: Monday, September 25, 2017 - 00:00