Daily Ruleset Update Summary 2017/10/17

[***]            Summary:            [***]

2 new Open, 16 new Pro (2 + 14). Anubi Ransomware, Gh0st Variant, Various Phishing, Various Mobile.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2024848 - ET TROJAN Trojan.JS.Agent.dwz Checkin (trojan.rules)
2024849 - ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 1 (trojan.rules)

Pro:

2828319 - ETPRO TROJAN Win32/Anubi Ransomware CnC Activity (trojan.rules)
2828320 - ETPRO TROJAN Ursnif SSL Certificate (trojan.rules)
2828321 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.aun CnC Beacon (mobile_malware.rules)
2828322 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.aun CnC Beacon 2 (mobile_malware.rules)
2828323 - ETPRO CURRENT_EVENTS Successful Societe Generale Banque Phish M1 Oct 17 2017 (current_events.rules)
2828324 - ETPRO TROJAN Unknown Gh0st Variant CnC Beacon (trojan.rules)
2828325 - ETPRO CURRENT_EVENTS Successful Societe Generale Banque Phish M2 Oct 17 2017 (current_events.rules)
2828326 - ETPRO TROJAN Possibly Malicious User-Agent (myappname) (trojan.rules)
2828327 - ETPRO CURRENT_EVENTS Successful Phish - Generic Processing Message Oct 17 2017 (current_events.rules)
2828328 - ETPRO TROJAN NoBo User-Agent (trojan.rules)
2828329 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.o CnC Beacon (mobile_malware.rules)
2828330 - ETPRO TROJAN Possible Magnitude/Magnigate Server HTTP Response Header (trojan.rules)
2828331 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Oct 17 2017 (current_events.rules)
2828332 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)

[///]     Modified active rules:     [///]

2810628 - ETPRO TROJAN NanHaiShu JavaScript backdoor CnC Beacon M2 (b64 3) (trojan.rules)
2813009 - ETPRO CURRENT_EVENTS DHL Phish Landing Sept 14 2015 (current_events.rules)
2813010 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 14 2015 (current_events.rules)
2813042 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 16 2015 (current_events.rules)
2813043 - ETPRO CURRENT_EVENTS DHL Phish Landing Page Sept 16 2015 (current_events.rules)
2814151 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 29 2015 (current_events.rules)
2814917 - ETPRO CURRENT_EVENTS Successful DHL Phish Nov 13 2015 (current_events.rules)
2814918 - ETPRO CURRENT_EVENTS DHL Phish Landing Nov 13 2015 (current_events.rules)
2815494 - ETPRO CURRENT_EVENTS AES Crypto Observed in Javascript - Possible Phishing Landing M1 Dec 28 2015 (current_events.rules)
2815495 - ETPRO CURRENT_EVENTS Anonisma AES Crypto Observed in Javascript - Possible Phishing Landing M2 Dec 28 2015 (current_events.rules)
2815565 - ETPRO CURRENT_EVENTS Successful DHL Phish M1 Dec 31 2016 (current_events.rules)
2815566 - ETPRO CURRENT_EVENTS Successful DHL Phish Dec 31 2015 (current_events.rules)
2815600 - ETPRO CURRENT_EVENTS DHL/Adobe/Excel Phishing Landing Jan 05 2016 (current_events.rules)
2815601 - ETPRO CURRENT_EVENTS DHL Phishing Landing Jan 05 2016 (current_events.rules)
2816074 - ETPRO CURRENT_EVENTS DHL Phishing Landing Feb 3 2016 (current_events.rules)
2816119 - ETPRO CURRENT_EVENTS Successful DHL Phish Feb 8 2016 (current_events.rules)
2816120 - ETPRO CURRENT_EVENTS DHL Phish Landing Feb 08 2016 (current_events.rules)
2820238 - ETPRO CURRENT_EVENTS Successful Onedrive Phish May 16 2016 (current_events.rules)
2821040 - ETPRO CURRENT_EVENTS DHL Phishing Landing Jul 11 2016 (current_events.rules)
2821041 - ETPRO CURRENT_EVENTS Successful DHL Phish Jul 11 2016 (current_events.rules)
2827594 - ETPRO TROJAN Formbook Stealer Checkin (trojan.rules)
2828081 - ETPRO CURRENT_EVENTS Successful Personalized Phish Sep 28 2017 (current_events.rules)
2828310 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A DNS Lookup (mobile_malware.rules)

[---]  Disabled and modified rules:  [---]

2815855 - ETPRO CURRENT_EVENTS Successful DHL Phish Jan 19 2016 (current_events.rules)
2816072 - ETPRO CURRENT_EVENTS Successful DHL Phish Feb 3 (current_events.rules)

[---]         Disabled rules:        [---]

2804767 - ETPRO TROJAN Trojan-Spy.Win32.Agent.bxuh Checkin (trojan.rules)
2804779 - ETPRO TROJAN Win32/Comisproc Checkin (trojan.rules)
2804780 - ETPRO TROJAN Win32/Comisproc Checkin 2 (trojan.rules)
2804784 - ETPRO TROJAN W32/Spyrat.A Checkin (trojan.rules)
2804786 - ETPRO TROJAN Win32/Spy.VB.NJJ Checkin (trojan.rules)
2804787 - ETPRO TROJAN Win32/AgentBypass.gen!K Checkin (trojan.rules)
2804788 - ETPRO TROJAN Win32/Pilrurl.A Checkin (trojan.rules)
2804792 - ETPRO EXPLOIT WinVerifyTrust Signature Validation Bypass Attempt Filetype ZIPSFX (exploit.rules)
2804793 - ETPRO EXPLOIT WinVerifyTrust Signature Validation Bypass Attempt Filetype RAR (exploit.rules)
2804794 - ETPRO EXPLOIT WinVerifyTrust Signature Validation Bypass Attempt Filetype Lharc SFX (exploit.rules)
2804801 - ETPRO TROJAN Win32/Bancos.AGP Checkin (trojan.rules)
2804803 - ETPRO TROJAN Trojan-Downloader.Win32.Adload.dats CnC Traffic (trojan.rules)
2804804 - ETPRO TROJAN Trojan.Win32.Swisyn.chxm Checkin (trojan.rules)
2804811 - ETPRO TROJAN P2P-Worm.Win32.Palevo.boxg Checkin (trojan.rules)
2804812 - ETPRO TROJAN Trojan-Banker.BAT.Banker.m Checkin (trojan.rules)
2804817 - ETPRO TROJAN Win32/Autoit.NJT Checkin (trojan.rules)
2804822 - ETPRO TROJAN Trojan.DownLoader Checkin (trojan.rules)
2804826 - ETPRO TROJAN Win32/Locotout.gen!A CnC Traffic (trojan.rules)
2804828 - ETPRO TROJAN Trojan/Buzus.hgv Checkin (trojan.rules)
2804831 - ETPRO TROJAN Win32.Injecter.fvp Checkin (trojan.rules)
2804837 - ETPRO TROJAN Downloader.Darkmegi Checkin (trojan.rules)
2804840 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.dvnk Checkin (trojan.rules)
2804841 - ETPRO TROJAN Win32/Opachki.F Checkin (trojan.rules)
2804842 - ETPRO TROJAN Trojan-FakeAV.Win32.SmartFortress2012.lw Checkin (trojan.rules)
2804844 - ETPRO TROJAN Trojan.Downloader.Agent-1187 Checkin (trojan.rules)
2804845 - ETPRO TROJAN Trojan.Win32.Vilsel Checkin (trojan.rules)
2804846 - ETPRO TROJAN Win32/Ponfoy.A Checkin (trojan.rules)
2804847 - ETPRO TROJAN Ransom.EJ/Winlock.5857 Checkin (trojan.rules)
2804848 - ETPRO TROJAN Trojan-Downloader.Win32.Adload.cfms Checkin (trojan.rules)
2804849 - ETPRO TROJAN Win32/Spy.Bancos.OMJ Checkin (trojan.rules)
2804854 - ETPRO TROJAN Trojan-Dropper.Win32.Agent.eoqo Checkin (trojan.rules)
2804862 - ETPRO TROJAN HackTool.Win32.Binder.bs Checkin (trojan.rules)
2804863 - ETPRO TROJAN Trojan.Win32.Invader CnC Traffic (trojan.rules)
2804866 - ETPRO TROJAN Trojan-Banker.Win32.Banbra.alvy Checkin (trojan.rules)
2804867 - ETPRO TROJAN Trojan-Banker.Win32.Banker.srjp Checkin (trojan.rules)
2804870 - ETPRO TROJAN Backdoor.Win32.Autocrat.b Checkin (trojan.rules)
2804873 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.axvi Checkin (trojan.rules)
2804878 - ETPRO TROJAN Worm.Win32/Juched.A Retrieving PE file via FTP (trojan.rules)
2804881 - ETPRO TROJAN Trojan.Agent-275138 Checkin (trojan.rules)
2804901 - ETPRO TROJAN Trojan-Clicker.Win32.VB.alu Checkin (trojan.rules)
2804903 - ETPRO TROJAN W32/Troj_Generic.BNJME Checkin (trojan.rules)
2804904 - ETPRO TROJAN Trojan.Autoit-124 Checkin (trojan.rules)
2804905 - ETPRO TROJAN Win32/Horst.gen!C Checkin (trojan.rules)
2804914 - ETPRO TROJAN Potential Adobe Flash type confusion exploit attempt 1 (trojan.rules)
2804915 - ETPRO TROJAN Potential Adobe Flash type confusion exploit attempt 2 (trojan.rules)
2804916 - ETPRO TROJAN Potential Adobe Flash type confusion exploit attempt 3 (trojan.rules)
2804917 - ETPRO TROJAN Potential Adobe Flash type confusion exploit attempt 4 (trojan.rules)
2804919 - ETPRO TROJAN Win32.Swisyn.cioi Checkin (trojan.rules)
2804924 - ETPRO TROJAN Trojan-Downloader.Win32.Banload.buij Checkin (trojan.rules)
2804928 - ETPRO TROJAN W32.Philis.Q Checkin (trojan.rules)
2804929 - ETPRO TROJAN TrojanDownloader.Win32/Banload.ACI Checkin 2 (trojan.rules)
2804931 - ETPRO TROJAN W32.Colowned.A Checkin 1 (trojan.rules)
2804932 - ETPRO TROJAN W32.Colowned.A Checkin 2 (trojan.rules)
2804933 - ETPRO TROJAN Win32/Virut.BN Checkin 2 (trojan.rules)
2804934 - ETPRO TROJAN Dropper-FQE Checkin (trojan.rules)
2804941 - ETPRO TROJAN Win32/Karagany.E Checkin 1 (trojan.rules)
2804943 - ETPRO TROJAN Backdoor/Buterat.abl Checkin (trojan.rules)
2804945 - ETPRO TROJAN W32/Banload.XPX!tr Checkin (trojan.rules)
2804946 - ETPRO TROJAN WinNT/Nagyo.C!rootkit Checkin (trojan.rules)
2804947 - ETPRO TROJAN Backdoor.VB.5 CnC Traffic (trojan.rules)
2804948 - ETPRO TROJAN TrojanDownloader.Win32/Pluzoks.A Checkin 2 (trojan.rules)
2804949 - ETPRO TROJAN Fraudpack-356/RogueAntiSpyware.XPAntivirus Checkin (trojan.rules)
2804952 - ETPRO TROJAN Win32/Ofreayo.A Checkin (trojan.rules)
2804953 - ETPRO TROJAN Hupigon.68562 Checkin (trojan.rules)
2804954 - ETPRO TROJAN Trojan.Fadedoor.10B-1 Checkin (trojan.rules)
2804955 - ETPRO TROJAN Trojan-Downloader.Win32.Banload.arqa Checkin (trojan.rules)
2804956 - ETPRO TROJAN herpnet C&C (trojan.rules)
2804961 - ETPRO TROJAN W32/Karagany.TK Checkin (trojan.rules)
2804965 - ETPRO TROJAN Win32.Nitol.B/Ahea.gen DDoS Command from Server (trojan.rules)
2804969 - ETPRO TROJAN Mal/ZboCheMan-D Checkin (trojan.rules)
2804970 - ETPRO TROJAN Trojan.Win32.Inse.c Checkin (trojan.rules)
2804971 - ETPRO MALWARE Riskware/InstallBrain Install (malware.rules)
2804974 - ETPRO TROJAN Trojan.Win32.Spy!IK Checkin (trojan.rules)
2804975 - ETPRO TROJAN Trojan-Banker.Win32.Bancos.tge Checkin (trojan.rules)
2804976 - ETPRO TROJAN Trojan.Win32.Diple.deyt Checkin (trojan.rules)
2804985 - ETPRO TROJAN PSW.Banker6.ZXK Checkin (trojan.rules)
2804989 - ETPRO TROJAN Trojan-Dropper.Win32.Bina.f Checkin (trojan.rules)
2804990 - ETPRO TROJAN Trojan.FirewallBypass.VqX at aCTjNMlb Checkin (trojan.rules)
2804992 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.tdzl Checkin (trojan.rules)
2804993 - ETPRO TROJAN Virus.Win32.Malware!IK CnC Traffic (trojan.rules)
2804994 - ETPRO TROJAN Mal/Autorun-G Checkin (trojan.rules)
2804996 - ETPRO TROJAN Trojan-Banker.Win32.Banker.ssqw Checkin (trojan.rules)
2804997 - ETPRO USER_AGENTS Trojan/Swisyn.wvn User-Agent (Injection) (user_agents.rules)
2805005 - ETPRO TROJAN TrojanDownloader.Win32/Banload.ZL Checkin 1 (trojan.rules)
2805008 - ETPRO TROJAN W32/Refroso.DZP!tr sending info via SMTP (trojan.rules)
2805009 - ETPRO TROJAN Gen.Win32.SMTP-Mailer.!GW at aG6DWHbc sending info via SMTP (trojan.rules)
2805011 - ETPRO TROJAN Win32/Banload.ALK Checkin (trojan.rules)
2805012 - ETPRO TROJAN Spyware.Keylogger!rem (trojan.rules)
2805013 - ETPRO TROJAN Trojan-Banker.Win32.Banker.pcl Checkin (trojan.rules)
2805017 - ETPRO TROJAN Unknown Chinese Malware getting config INSTALL (trojan.rules)
2805018 - ETPRO TROJAN Trojan.Win32.Buzus.liir Checkin (trojan.rules)
2805019 - ETPRO MALWARE Adware.CasinoClient Checkin (malware.rules)
2805020 - ETPRO MALWARE Adware.CasinoClient INSTALL (malware.rules)
2805021 - ETPRO USER_AGENTS Adware.CasinoClient User-Agent(caszx) (user_agents.rules)
2805024 - ETPRO TROJAN PWS-Zbot.gen.hv CnC Traffic (trojan.rules)
2805027 - ETPRO TROJAN Win32/TrojanDownloader.Banload.RDL Checkin (trojan.rules)
2805028 - ETPRO TROJAN Flamer Blacklisted key 1 Seen over HTTP (trojan.rules)
2805029 - ETPRO TROJAN Flamer blacklisted key 2 Seen over HTTP (trojan.rules)
2805031 - ETPRO TROJAN Win32/Weelsof.A Checkin (trojan.rules)
2805033 - ETPRO WEB_SPECIFIC_APPS Ruby on Rails Active Record SQL-injection (web_specific_apps.rules)
2805035 - ETPRO TROJAN Trojan-Dropper.Win32.Dinwod.cv CnC Traffic (trojan.rules)
2805036 - ETPRO TROJAN TrojanDownloader.Banload.brce Checkin (trojan.rules)
2805037 - ETPRO TROJAN Win32/Obvod.K Checkin (trojan.rules)
2805039 - ETPRO TROJAN Pykspa.A Checkin (trojan.rules)
2805043 - ETPRO TROJAN Pcclient-85 Keepalive/Checkin (trojan.rules)
2805045 - ETPRO WEB_SPECIFIC_APPS DynamicsAx XSS to Server (web_specific_apps.rules)
2805066 - ETPRO TROJAN WORM_SDBOT.GEN-1 CnC Traffic (trojan.rules)
2805073 - ETPRO TROJAN Win32/Banker.AHM Checkin (trojan.rules)
2805075 - ETPRO TROJAN W32/VBKrypt.LYKL!tr Checkin (trojan.rules)
2805077 - ETPRO TROJAN W32/VB.POZ!tr.dldr Downloading exe file (trojan.rules)
2805078 - ETPRO TROJAN Ransom.Win32.ZedoPoo.aac Checkin (trojan.rules)
2805085 - ETPRO TROJAN W32/Banker.M!tr Checkin (trojan.rules)
2805086 - ETPRO TROJAN TrojWare.Win32.TrojanDownloader.Banload.gen.f Checkin (trojan.rules)
2805088 - ETPRO TROJAN Trojan-Spy.Win32.Delf.adpb checkin (trojan.rules)
2805097 - ETPRO TROJAN Win32/Vbinder.CO Checkin (trojan.rules)
2805100 - ETPRO TROJAN Win32/Bancos.ACM Checkin 2 (trojan.rules)
2805101 - ETPRO TROJAN Trojan.Downloader.JOER Checkin (trojan.rules)
2805103 - ETPRO TROJAN Trojan.Win32.Vilsel.blgz .exe file download (trojan.rules)
2805104 - ETPRO TROJAN Win32/Malagent Checkin (trojan.rules)
2805109 - ETPRO USER_AGENTS Win32/Hupigon.DZ User-Agent (IEFILES.INS) (user_agents.rules)
2805110 - ETPRO TROJAN Trojan-Downloader.Banload Chekin (trojan.rules)
2805112 - ETPRO TROJAN Trojan.Buzus.lbfq Checkin (trojan.rules)
2805114 - ETPRO TROJAN HackTool.Win32/CCProxy.C .exe file Download (trojan.rules)
2805118 - ETPRO TROJAN SpyEyes FTP Channel (trojan.rules)
2805119 - ETPRO TROJAN HackTool.Win32.Binder.bs .exe file Download (trojan.rules)
2805134 - ETPRO TROJAN NoBo Checkin (trojan.rules)
2805135 - ETPRO TROJAN NoBo Downloading TXT (trojan.rules)
2805143 - ETPRO CURRENT_EVENTS Possible WORM W32.Printlove spreading via cve 2010-2729 (current_events.rules)
2805145 - ETPRO NETBIOS Microsoft Word Insecure imeshare.dll Library Loading - SMB ASCII (netbios.rules)
2805150 - ETPRO WEB_SERVER Microsoft SharePoint XSS attempt (web_server.rules)
2805151 - ETPRO TROJAN Win32/SSonce.A Checkin (trojan.rules)
2805152 - ETPRO TROJAN HackTool.MSIL.Flooder.gen Checkin (trojan.rules)
2805159 - ETPRO TROJAN Trojan.Agent-276095 Checkin (trojan.rules)
2805160 - ETPRO WEB_SERVER Microsoft SharePoint XSS attempt 2 (web_server.rules)
2805167 - ETPRO TROJAN W32/Dapato.LUY!tr.dldr Checkin (trojan.rules)
2805168 - ETPRO MALWARE Adware.TimeSink.P Checkin (malware.rules)
2805171 - ETPRO TROJAN Trojan-Spy.Win32.Zbot.ecnq Checkin (trojan.rules)
2805172 - ETPRO TROJAN W32/Downloader.BEMB.dropper Checkin (trojan.rules)
2805173 - ETPRO TROJAN Trojan-PSW.Win32.Agent.ozr Checkin (trojan.rules)
2805174 - ETPRO TROJAN W32/Banbra.ASYO!tr Checkin (trojan.rules)
2805182 - ETPRO TROJAN Win32/BitCoinMiner.A Checkin (trojan.rules)
2805183 - ETPRO EXPLOIT Novell ZENworks Configuration Management Preboot Service Remote File Access (exploit.rules)
2805184 - ETPRO TROJAN Win32/Clidak.A Checkin (trojan.rules)
2805185 - ETPRO TROJAN Win32/Biloky.A Checkin (trojan.rules)
2805186 - ETPRO TROJAN Madhi Trojan checkin (trojan.rules)
2805188 - ETPRO TROJAN PWS.Win32/Frethog.V checkin (trojan.rules)
2805189 - ETPRO TROJAN Graftor/General Downloader Checkin check_update.php (trojan.rules)
2805191 - ETPRO TROJAN Win32/TrojanDownloader.Banload.QYE Checkin (trojan.rules)
2805194 - ETPRO TROJAN PWS.Win32/Frethog.V requesting .exe file (trojan.rules)
2805198 - ETPRO TROJAN Trojan-PSW.Win32.LdPinch.awfp!A2 Checkin (trojan.rules)
2805207 - ETPRO TROJAN Win32/Delf.W Checkin (trojan.rules)
2805209 - ETPRO TROJAN Trojan-Downloader.Win32.Karagany.pt Checkin (trojan.rules)
2805212 - ETPRO TROJAN Win32/Delf.DL Checkin (trojan.rules)
2805213 - ETPRO TROJAN Trojan-Banker.Win32.Banker.stku Checkin SQL (trojan.rules)
2805220 - ETPRO MALWARE Win-Adware/KorAd.138208 Checkin (malware.rules)
2805221 - ETPRO TROJAN Trojan.Generic.KDV.671881 TLSv1 Client Hello (trojan.rules)
2805222 - ETPRO TROJAN Trojan.Generic.KDV.671881 TLSv1 Server Hello Certificate (trojan.rules)
2805223 - ETPRO TROJAN W32/Scar.GKKK!tr Checkin (trojan.rules)
2805224 - ETPRO TROJAN Win32/TrojanDownloader.Banload.OKO Checkin (trojan.rules)
2805232 - ETPRO TROJAN Trojan.Win32.Meredrop request (trojan.rules)
2805234 - ETPRO TROJAN Win32/Banload.AMR Checkin (trojan.rules)
2805236 - ETPRO TROJAN DNS Query to FinFisher Spy Kit Domain (tiger.gamma-international .de) (trojan.rules)
2805237 - ETPRO TROJAN HTTP Request to FinFisher Spy Kit Domain (ff-demo.blogdns .org) (trojan.rules)
2805238 - ETPRO TROJAN DNS Query to FinFisher Spy Kit Domain(ff-demo.blogdns .org) (trojan.rules)
2805240 - ETPRO TROJAN Win32/Swisyn.J .dll request (trojan.rules)
2805245 - ETPRO TROJAN MAC OSX Trojan Campaign .jar file request 1 (trojan.rules)
2805246 - ETPRO TROJAN MAC OSX Trojan Campaign .jar file request 2 (trojan.rules)
2805247 - ETPRO TROJAN W32/Dapato.BLTR!tr Checkin (trojan.rules)
2805248 - ETPRO TROJAN Win32/ProxyChanger.EI Checkin (trojan.rules)
2805249 - ETPRO TROJAN Spy.Banker.QEP Checkin (trojan.rules)
2805250 - ETPRO TROJAN W32/Yoshi.X!tr Checkin (trojan.rules)
2805251 - ETPRO TROJAN Madhi Trojan Checkin 2 (trojan.rules)
2805329 - ETPRO TROJAN Trojan Elirks cyber-espionage campaign microblogging service Plurk known account (trojan.rules)

[---]         Removed rules:         [---]

2816746 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.fo Checkin (mobile_malware.rules)

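The summary above is a changelog, not a state file: a SID listed under "Disabled rules" ships commented out, but a local suricata-update enable.conf or an earlier enablesid override can keep it loaded, and a removed SID can survive in a hand-merged local copy. The following script is an added example, not part of the Emerging Threats summary or of the ET tooling. It parses the summary layout used on this page (the [+++] / [///] / [---] section headers and the "SID - msg (file.rules)" entries) and audits a .rules file against it. The summary excerpt and the rules file below are constructed for the example; only the SIDs and msg strings come from this page, and the rule headers, options and rev values are invented.

```python
import re
from collections import defaultdict

# Constructed excerpt in the same layout as the daily summary above.
SUMMARY = """\
[+++]          Added rules:          [+++]

Open:

2024848 - ET TROJAN Trojan.JS.Agent.dwz Checkin (trojan.rules)

Pro:

2828319 - ETPRO TROJAN Win32/Anubi Ransomware CnC Activity (trojan.rules)

[///]     Modified active rules:     [///]

2827594 - ETPRO TROJAN Formbook Stealer Checkin (trojan.rules)

[---]  Disabled and modified rules:  [---]

2815855 - ETPRO CURRENT_EVENTS Successful DHL Phish Jan 19 2016 (current_events.rules)

[---]         Disabled rules:        [---]

2804767 - ETPRO TROJAN Trojan-Spy.Win32.Agent.bxuh Checkin (trojan.rules)

[---]         Removed rules:         [---]

2816746 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.fo Checkin (mobile_malware.rules)
"""

# Constructed local rules file: only msg and sid are taken from the page,
# the rule headers, options and rev values are invented for the example.
RULES = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Trojan.JS.Agent.dwz Checkin"; flow:established,to_server; sid:2024848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ETPRO TROJAN Formbook Stealer Checkin"; flow:established,to_server; sid:2827594; rev:3;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ETPRO TROJAN Trojan-Spy.Win32.Agent.bxuh Checkin"; flow:established,to_server; sid:2804767; rev:2;)
# alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ETPRO CURRENT_EVENTS Successful DHL Phish Jan 19 2016"; flow:established,to_server; sid:2815855; rev:2;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.fo Checkin"; flow:established,to_server; sid:2816746; rev:1;)
"""

# "[+++]   Added rules:   [+++]" -> section name "Added rules"
SECTION_RE = re.compile(r"^\[(?:\+\+\+|///|---)\]\s+(.*?):\s+\[(?:\+\+\+|///|---)\]\s*$")
# "2024848 - ET TROJAN ... Checkin (trojan.rules)" -> (sid, msg, rules file)
ENTRY_RE = re.compile(r"^(\d+) - (.*) \((\S+\.rules)\)\s*$")
# sid keyword inside a Snort/Suricata rule body
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def parse_summary(text):
    """Return {section name: [(sid, msg, rules_file), ...]} for a summary."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append((int(m.group(1)), m.group(2), m.group(3)))
    return dict(sections)


def rule_states(rules_text):
    """Map sid -> 'enabled' or 'disabled' for every rule line in a .rules file.

    A rule that ships disabled is a commented-out line; anything with a sid
    that is not commented out is loaded by the engine.
    """
    states = {}
    for line in rules_text.splitlines():
        stripped = line.strip()
        m = SID_RE.search(stripped)
        if m:
            states[int(m.group(1))] = "disabled" if stripped.startswith("#") else "enabled"
    return states


def audit(sections, rules_text):
    """List (sid, problem) pairs where the local file disagrees with the summary."""
    states = rule_states(rules_text)
    findings = []
    disabled = sections.get("Disabled rules", []) + sections.get("Disabled and modified rules", [])
    for sid, _msg, _file in disabled:
        if states.get(sid) == "enabled":
            findings.append((sid, "still enabled locally"))
    for sid, _msg, _file in sections.get("Removed rules", []):
        if sid in states:
            findings.append((sid, "still present locally"))
    for sid, _msg, _file in sections.get("Added rules", []):
        if sid not in states:
            findings.append((sid, "missing locally"))
    return findings


if __name__ == "__main__":
    for sid, problem in audit(parse_summary(SUMMARY), RULES):
        print(f"{sid}: {problem}")
```

Run against a real update, the script takes the summary text and the merged rules file Suricata actually loads (after suricata-update has applied enable.conf and disable.conf), so an override that silently re-enables a vendor-disabled rule shows up as "still enabled locally".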
Date: Tuesday, October 17, 2017 - 00:00