Daily Ruleset Update Summary 2017/10/26

[***]            Summary:            [***]

2 new Open, 19 new Pro (2 + 17). Generic Webshell, IRCBot Download, Various Mobile, Various Phishing.

Thanks: @401TRG

[+++]          Added rules:          [+++]

Open:

2024930 - ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body (web_server.rules)
2024931 - ET ATTACK_RESPONSE 401TRG Perl DDoS IRCBot File Download (attack_response.rules)

Pro:

2828427 - ETPRO MOBILE_MALWARE Android/Spy.Banker.PQ Checkin (mobile_malware.rules)
2828428 - ETPRO TROJAN Malicious SSL certificate detected (TrickBot C2) (trojan.rules)
2828429 - ETPRO TROJAN Malicious Domain Panda Banker (tontrumuchtors .com in DNS Lookup) (trojan.rules)
2828430 - ETPRO TROJAN Malicious Domain Panda Banker (tontrumuchtors .com in TLS SNI) (trojan.rules)
2828431 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-26 1) (trojan.rules)
2828432 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-26 2) (trojan.rules)
2828433 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-26 3) (trojan.rules)
2828434 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-26 4) (trojan.rules)
2828435 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-26 5) (trojan.rules)
2828436 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-26 6) (trojan.rules)
2828437 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-26 7) (trojan.rules)
2828438 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-26 8) (trojan.rules)
2828439 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-26 9) (trojan.rules)
2828440 - ETPRO TROJAN Chthonic CnC Beacon 10 (trojan.rules)
2828441 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.aa SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2828442 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Oct 26 2017 (current_events.rules)
2828443 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 26 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2024911 - ET CURRENT_EVENTS Possible BadRabbit Driveby Download M1 Oct 24 2017 (current_events.rules)
2826030 - ETPRO TROJAN GOBLIN PANDA Looc CnC Beacon (trojan.rules)
2828220 - ETPRO TROJAN Cerber Domain Observed (1gam57 .top in TLS SNI) (trojan.rules)
2828314 - ETPRO TROJAN Magniber Ransomware Checkin 1 (trojan.rules)
2828315 - ETPRO TROJAN Magniber Ransomware Checkin 2 (trojan.rules)

[---]  Disabled and modified rules:  [---]

2801281 - ETPRO EXPLOIT NetSupport Manager Client Buffer Overflow Relative (exploit.rules)

Date: Thursday, October 26, 2017 - 00:00