Daily Ruleset Update Summary 2017/09/26

[***]            Summary:            [***]

3 new Open, 15 new Pro (3 + 12). DoublePulsar Backdoor, MSIL/Bancos Variant, Various Mobile, Phishing.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2024766 - ET EXPLOIT [PTsecurity] DoublePulsar Backdoor installation communication (exploit.rules)
2024767 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M1 (current_events.rules)
2024768 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M2 (current_events.rules)

Pro:

2828057 - ETPRO TROJAN Win32/Delf.BVP CnC Beacon M2 (trojan.rules)
2828058 - ETPRO TROJAN Win32/Delf.BVP CnC Keep-Alive Beacon (trojan.rules)
2828059 - ETPRO TROJAN StrongPity SSL Cert (trojan.rules)
2828060 - ETPRO TROJAN W32/Emotet.v4 Checkin Fake 404 Payload Response (trojan.rules)
2828061 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.PornVideo.ao / ZINIU Checkin (mobile_malware.rules)
2828062 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
2828063 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 222 (mobile_malware.rules)
2828064 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Sep 26 2017 (current_events.rules)
2828065 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Sep 26 2017 (current_events.rules)
2828066 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 223 (mobile_malware.rules)
2828067 - ETPRO CURRENT_EVENTS Successful BCP Bank M1 Phish Sep 26 2017 (current_events.rules)
2828068 - ETPRO CURRENT_EVENTS Successful BCP Bank M2 Phish Sep 26 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2024338 - ET TROJAN Observed GET Request to Jaff Domain (orhangazitur .com) (trojan.rules)
2814311 - ETPRO CURRENT_EVENTS Successful AOL Phish Oct 9 2015 (current_events.rules)
2820350 - ETPRO CURRENT_EVENTS Suspicious Redirect - Possible Phishing May 25 (current_events.rules)
2828050 - ETPRO TROJAN Corebot DNS Lookup (Dropper) (trojan.rules)

[---]         Removed rules:         [---]

2828007 - ETPRO TROJAN W32/Emotet.v4 Checkin Fake 404 Payload Response (trojan.rules)

Date: Tuesday, September 26, 2017 - 00:00