Daily Ruleset Update Summary 2017/10/16

[***]            Summary:            [***]

5 new Open, 9 new Pro (5 + 9). Android/DoubleLocker.A, MSIL/CoalaBot, Magniber Ransomware, Various Phishing.

Thanks: Adair John Collins, Shyaam Sundhar

[+++]          Added rules:          [+++]

Open:

2024843 - ET SCAN struts-pwn User-Agent (scan.rules)
2024844 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Oct 16 2016 (current_events.rules)
2024845 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M2 Oct 16 2016 (current_events.rules)
2024846 - ET CURRENT_EVENTS Successful Paypal Phish Oct 16 2017 (current_events.rules)
2024847 - ET CURRENT_EVENTS Successful Paypal (FR) Phish Oct 16 2017 (current_events.rules)

Pro:

2828308 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A CnC Beacon 2 (mobile_malware.rules)
2828310 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A DNS Lookup (mobile_malware.rules)
2828312 - ETPRO TROJAN Unknown Maldoc POST to CnC (trojan.rules)
2828313 - ETPRO TROJAN MSIL/CoalaBot CnC Checkin M2 (trojan.rules)
2828314 - ETPRO TROJAN Magniber Ransomware Checkin 1 (trojan.rules)
2828315 - ETPRO TROJAN Magniber Ransomware Checkin 2 (trojan.rules)
2828316 - ETPRO TROJAN Orz JavaScript Backdoor Sending Password to CnC (trojan.rules)
2828317 - ETPRO TROJAN Orz JavaScript Backdoor Communicating with CnC (trojan.rules)
2828318 - ETPRO CURRENT_EVENTS Successful Apple GSX Phish Oct 16 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2810628 - ETPRO TROJAN NanHaiShu JavaScript backdoor CnC Beacon M2 (b64 3) (trojan.rules)
2815494 - ETPRO CURRENT_EVENTS AES Crypto Observed in Javascript - Possible Phishing Landing M1 Dec 28 2015 (current_events.rules)
2815495 - ETPRO CURRENT_EVENTS Anonisma AES Crypto Observed in Javascript - Possible Phishing Landing M2 Dec 28 2015 (current_events.rules)
2827111 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A CnC Beacon (mobile_malware.rules)
2828286 - ETPRO TROJAN Sage Ransomware Variant Checkin (trojan.rules)

Date: Monday, October 16, 2017 - 00:00