Daily Ruleset Update Summary 2017/10/19

[***] Summary: [***]

27 new Open signatures, 37 new Pro (27 + 10).  Winnti, APT28, Orion Logger.

Thanks:  @401TRG

[+++]          Added rules:          [+++]

Open:

2024851 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024852 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024853 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024854 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024855 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024856 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024857 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024858 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024859 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024860 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024861 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024862 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024863 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024864 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024865 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024866 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024867 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024868 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024869 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024870 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024871 - ET TROJAN Possible Winnti-related DNS Lookup (google-statics .com) (trojan.rules)
2024872 - ET TROJAN Possible Winnti-related DNS Lookup (google-searching .com) (trojan.rules)
2024873 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024874 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024875 - ET TROJAN Possible Winnti-related Destination (google-searching .com) (trojan.rules)
2024876 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024877 - ET TROJAN Possible Winnti-related Destination (trojan.rules)

Pro:

2828341 - ETPRO TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2828342 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2828343 - ETPRO CURRENT_EVENTS Unknown MalDoc Checkin Oct 2017 (current_events.rules)
2828344 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.cl SMS Exfil via SMTP (mobile_malware.rules)
2828345 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 29 (mobile_malware.rules)
2828346 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.EP SMS Exfil via SMTP (mobile_malware.rules)
2828347 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.EP GPS Exfil via SMTP (mobile_malware.rules)
2828348 - ETPRO TROJAN Orion Logger Sending System Info to CnC (trojan.rules)
2828349 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ol SMS Exfil via SMTP (mobile_malware.rules)
2828350 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ol Contact Exfil via SMTP (mobile_malware.rules)

[///]     Modified active rules:     [///]

2017876 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 5 (trojan.rules)
2017877 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 6 (trojan.rules)
2819978 - ETPRO TROJAN Tordal/Hancitor/Chanitor Checkin (trojan.rules)
2823078 - ETPRO TROJAN APT28 DealersChoice CnC Beacon M1 (trojan.rules)
2828286 - ETPRO TROJAN Sage Ransomware Variant Checkin (trojan.rules)
2828330 - ETPRO TROJAN Possible Magnitude/Magnigate EK Server HTTP Response Header (trojan.rules)
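After pulling this update, the check a practitioner wants is whether the listed SIDs actually landed in the local rule files and are enabled rather than commented out by a local disable policy. The script below is an added example, not Emerging Threats' own tooling: check_sids scans a Suricata/Snort-format rules file for each SID and reports enabled (with its rev), DISABLED or MISSING, and write_sample_rules creates a constructed stand-in for trojan.rules whose rule lines are placeholders reusing SIDs from this summary, not the real ET rule bodies.

```shell
# Added example: verify that SIDs from a daily update summary are present and
# enabled in a local Suricata/Snort rules file. This is not Emerging Threats'
# own tooling, and the rule lines written by write_sample_rules are
# CONSTRUCTED placeholders that reuse SIDs from this summary, not real ET rules.

# check_sids RULESFILE SID...
# Prints "<sid> enabled rev=<n>", "<sid> DISABLED" (rule present but commented
# out) or "<sid> MISSING" per SID. Return value is the count of SIDs that are
# not enabled, so 0 means every listed SID is live.
check_sids() {
    rules="$1"
    shift
    bad=0
    for sid in "$@"; do
        # An enabled rule line starts with an action keyword; the trailing ';'
        # stops sid:2024851 from also matching sid:20248510.
        live=$(grep -E "^[[:space:]]*(alert|drop|reject|pass)[[:space:]].*sid:[[:space:]]*$sid;" "$rules" || true)
        if [ -n "$live" ]; then
            rev=$(printf '%s\n' "$live" | sed -n -E 's/.*rev:[[:space:]]*([0-9]+);.*/\1/p' | head -n 1)
            echo "$sid enabled rev=${rev:-?}"
        elif grep -Eq "^[[:space:]]*#[[:space:]]*(alert|drop|reject|pass)[[:space:]].*sid:[[:space:]]*$sid;" "$rules"; then
            echo "$sid DISABLED"
            bad=$((bad + 1))
        else
            echo "$sid MISSING"
            bad=$((bad + 1))
        fi
    done
    return $bad
}

# write_sample_rules PATH: constructed stand-in for trojan.rules so the check
# can run offline. Only the sid/rev fields matter to check_sids; the rule
# bodies are placeholders, not the ET signatures.
write_sample_rules() {
    cat > "$1" <<'EOF'
alert dns $HOME_NET any -> any any (msg:"CONSTRUCTED placeholder, not ET rule 2024871"; sid:2024871; rev:1;)
# alert dns $HOME_NET any -> any any (msg:"CONSTRUCTED placeholder, not ET rule 2024872"; sid:2024872; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"CONSTRUCTED placeholder, not ET rule 2017876"; sid:2017876; rev:5;)
EOF
}

# Stand-alone demo: 2024871 is enabled, 2024872 is commented out, 2024873 is
# absent, and 2017876 (a modified rule) is enabled at rev 5.
sample=$(mktemp)
write_sample_rules "$sample"
check_sids "$sample" 2024871 2024872 2024873 2017876
echo "SIDs not enabled: $?"
rm -f "$sample"
```

Against a real deployment, point check_sids at the installed rules file (for example the trojan.rules the update writes) and pass the SIDs from the Added and Modified lists above; a non-zero return is the signal that a local disable list or a failed update has kept some of them from loading. The rev value is only reported, since the revision a modified rule had before this update is not recorded on this page.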

Date: Thursday, October 19, 2017 - 00:00