Daily Ruleset Update Summary 2017/10/27

[***]            Summary:            [***]

1 new Open, 20 new Pro (1 + 20). BACKSWING JS Framework, MSIL/Kryptik.LKC CnC, Various Mobile, Various Phishing.

Thanks: @rmkml

[+++]          Added rules:          [+++]

Open:

2024932 - ET CURRENT_EVENTS Possible BACKSWING JS Framework POST Observed (current_events.rules)

Pro:

2828444 - ETPRO TROJAN Observed Malicious SSL Cert (Unk Downloader CnC) (trojan.rules)
2828445 - ETPRO POLICY External IP Address Lookup (howtofindmyipaddress .com) (policy.rules)
2828446 - ETPRO TROJAN MSIL/Unknown Downloader Activity (trojan.rules)
2828447 - ETPRO TROJAN Cerber Domain Observed (hajw7w .bid in DNS Lookup) (trojan.rules)
2828448 - ETPRO TROJAN Cerber Domain Observed (hajw7w .bid in TLS SNI) (trojan.rules)
2828449 - ETPRO TROJAN Cerber Domain Observed (hessale .pw in DNS Lookup) (trojan.rules)
2828450 - ETPRO TROJAN Cerber Domain Observed (hessale .pw in TLS SNI) (trojan.rules)
2828451 - ETPRO TROJAN Cerber Domain Observed (tx0igu .bid in DNS Lookup) (trojan.rules)
2828452 - ETPRO TROJAN Cerber Domain Observed (tx0igu .bid in TLS SNI) (trojan.rules)
2828453 - ETPRO CURRENT_EVENTS Successful Hipercard (BR) Phish Oct 27 2017 (current_events.rules)
2828454 - ETPRO CURRENT_EVENTS Successful Generic 000webhostappp.com Phish Oct 27 2017 (current_events.rules)
2828455 - ETPRO CURRENT_EVENTS Successful Capital One Phish M1 Oct 27 2017 (current_events.rules)
2828456 - ETPRO CURRENT_EVENTS Successful Capital One Phish M2 Oct 27 2017 (current_events.rules)
2828457 - ETPRO CURRENT_EVENTS Successful DHL Phish M1 Oct 27 2017 (current_events.rules)
2828458 - ETPRO TROJAN MSIL/Kryptik.LKC CnC Checkin (trojan.rules)
2828459 - ETPRO CURRENT_EVENTS Successful DHL Phish M2 Oct 27 2017 (current_events.rules)
2828460 - ETPRO CURRENT_EVENTS Successful Orange Phish Oct 27 2017 (current_events.rules)
2828461 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 239 (mobile_malware.rules)
2828462 - ETPRO TROJAN MSIL/CryptoService Coin Stealer Exfil (trojan.rules)
2828463 - ETPRO CURRENT_EVENTS Successful Generic Phish Oct 27 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2810582 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M1 (trojan.rules)
2815494 - ETPRO CURRENT_EVENTS AES Crypto Observed in Javascript - Possible Phishing Landing M1 Dec 28 2015 (current_events.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
2825515 - ETPRO TROJAN MSIL/Snow RAT / Rurktar CnC (Update) (trojan.rules)
2825516 - ETPRO TROJAN MSIL/Snow RAT / Rurktar CnC (ID) (trojan.rules)
2825517 - ETPRO TROJAN MSIL/Snow RAT / Rurktar CnC (LS) (trojan.rules)
2828189 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M2 (trojan.rules)
2828397 - ETPRO CURRENT_EVENTS Successful Generic AES Phish M2 Oct 24 2017 (current_events.rules)

[---]         Disabled rules:        [---]

2000519 - ET MALWARE shell browser vulnerability W9x/XP (malware.rules)
2000928 - ET MALWARE ISearchTech.com XXXPornToolbar Activity (1) (malware.rules)
2001032 - ET MALWARE Casino on Net Ping Hit (malware.rules)
2001315 - ET MALWARE Traffic Syndicate Agent Updating (1) (malware.rules)
2001481 - ET MALWARE MediaTickets Spyware Install (malware.rules)
2001521 - ET MALWARE Spywaremover Activity (malware.rules)
2002019 - ET MALWARE jmnad1.com Spyware Install (1) (malware.rules)
2002044 - ET MALWARE OutBlaze.com Spyware Activity (malware.rules)
2002083 - ET MALWARE Pacimedia Spyware 1 (malware.rules)
2002738 - ET MALWARE SurfSidekick Activity (rinfo) (malware.rules)
2002957 - ET MALWARE Bestcount.net Spyware Initial Infection Download (malware.rules)
2003217 - ET MALWARE 180solutions (Zango) Spyware Installer Config 2 (malware.rules)
2003441 - ET MALWARE Webbuying.net Spyware Install User-Agent (wbi_v0.90) (malware.rules)
2003442 - ET MALWARE Webbuying.net Spyware Installing (malware.rules)
2003585 - ET MALWARE Trojan User-Agent (Windows Updates Manager) (malware.rules)
2003588 - ET MALWARE Worm.Pyks HTTP C&C Traffic User-Agent (skw00001) (malware.rules)
2003620 - ET MALWARE 51yes.com Spyware Reporting User Activity (malware.rules)
2005319 - ET MALWARE Bizconcept.info Spyware Checkin (malware.rules)
2006386 - ET MALWARE Deepdo.com Toolbar/Spyware User Agent (DeepdoUpdate) (malware.rules)
2006427 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Mac Check (malware.rules)
2006428 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin (open) (malware.rules)
2006429 - ET MALWARE Karine.co.kr Related Spyware User Agent (chk Profile) (malware.rules)
2006431 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post (malware.rules)
2006432 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin (ret) (malware.rules)
2006433 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post (api_result) (malware.rules)
2805253 - ETPRO MALWARE Win32/Adware.Kraddare.W Checkin (malware.rules)
2805255 - ETPRO TROJAN Trojan Madi/Mahdi Checkin (trojan.rules)
2805258 - ETPRO CURRENT_EVENTS Ubisoft/Uplay DRM Potential Launch of Arbitrary Executable (current_events.rules)
2805259 - ETPRO TROJAN Win32/Zegost.AD CnC Traffic 2 (trojan.rules)
2805261 - ETPRO TROJAN Trojan.Win32.Jorik.Yoddos.no .exe request (trojan.rules)
2805262 - ETPRO MALWARE Win32/Adware-ABW INSTALL (malware.rules)
2805263 - ETPRO TROJAN Trojan.Win32.Workir.yf Checkin (trojan.rules)
2805264 - ETPRO TROJAN Trojan.Win32.S.Banker.167310 Checkin (trojan.rules)
2805267 - ETPRO MALWARE Adware.Casino-36 Checkin (malware.rules)
2805268 - ETPRO TROJAN Trojan-Banker.Win32.Banker.ju sending info via SMTP (trojan.rules)
2805274 - ETPRO TROJAN Trojan/Banker.Banbra.oyx Checkin (trojan.rules)
2805276 - ETPRO TROJAN Win32/AgentBypass.gen!G Checkin (trojan.rules)
2805278 - ETPRO TROJAN Win32/Weelsof.C Checkin (trojan.rules)
2805281 - ETPRO TROJAN Win32/Spy.Banker.TXN Checkin (trojan.rules)
2805282 - ETPRO MALWARE Adware.Casino-36 Checkin 2 (malware.rules)
2805285 - ETPRO MALWARE PUP/Win32.Micropop Checkin (malware.rules)
2805287 - ETPRO TROJAN W32/Jorik_Steckt.N!tr Checkin (trojan.rules)
2805288 - ETPRO TROJAN Win32/Hspam.A Checkin (trojan.rules)
2805290 - ETPRO USER_AGENTS Win32/VBInject.QW User-Agent (Sek8War) (user_agents.rules)
2805293 - ETPRO TROJAN TrojanSpy.Win32/ProAgent.A Sending Info via SMTP (trojan.rules)
2805294 - ETPRO TROJAN Trojan.Mosucker-60 Checkin 2 (trojan.rules)
2805295 - ETPRO TROJAN TR/Pasta.A.152 Checkin (trojan.rules)
2805296 - ETPRO TROJAN Trojan-Dropper.Win32.VB.oo .exe request (trojan.rules)
2805300 - ETPRO TROJAN Win32/Harvester.0_9 Checkin (trojan.rules)
2805301 - ETPRO TROJAN Trojan.Banker Checkin (trojan.rules)
2805302 - ETPRO TROJAN Win32/Raven.gen!A Checkin (trojan.rules)
2805307 - ETPRO TROJAN Trojan-Spy.Win32.Banker!IK Checkin (trojan.rules)
2805308 - ETPRO TROJAN PSWTool.Win32.NetPass.baq sending stolen info via SMTP (trojan.rules)
2805309 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.fjzu Checkin (trojan.rules)
2805311 - ETPRO TROJAN Win32/Rustock.E Checkin (trojan.rules)
2805312 - ETPRO TROJAN Win32/VBInject.RT Checkin (trojan.rules)
2805313 - ETPRO TROJAN Trojan.Win32.Cossta.tnh Checkin (trojan.rules)
2805328 - ETPRO TROJAN Tongjii/Linezing Related Trojan Checkin (trojan.rules)
2805330 - ETPRO WEB_SPECIFIC_APPS EGallery PHP File Upload Attempt (web_specific_apps.rules)
2805331 - ETPRO TROJAN W32/Hupigon.CI!genr Checkin (trojan.rules)
2805332 - ETPRO TROJAN Win32/Fragat.A Checkin (trojan.rules)
2805333 - ETPRO TROJAN Trojan.Win32.Generic! Checkin (trojan.rules)
2805334 - ETPRO TROJAN Trojan.Win32.Heur.089 Checkin (trojan.rules)
2805339 - ETPRO TROJAN Win32 Generic requesting .xml file (trojan.rules)
2805342 - ETPRO TROJAN Mdropper CnC (trojan.rules)
2805345 - ETPRO TROJAN Troj/Mdrop-DXT checkin 1 (trojan.rules)
2805350 - ETPRO TROJAN Variant.Graftor.17107 Checkin (trojan.rules)
2805352 - ETPRO TROJAN POST to a mp3 file (trojan.rules)
2805353 - ETPRO TROJAN POST to a rar file (trojan.rules)
2805360 - ETPRO TROJAN Win32.Malware.rwx Checkin (trojan.rules)
2805361 - ETPRO TROJAN Win32/Vwealer.BQ Checkin (trojan.rules)
2805364 - ETPRO TROJAN DATCK/BYCC DDOS bot Checkin (trojan.rules)
2805368 - ETPRO TROJAN Win32/Pangu.A Checkin (trojan.rules)
2805374 - ETPRO TROJAN Trojan.Win32.VBKrypt.cugq Checkin (trojan.rules)
2805376 - ETPRO TROJAN Win32/ProxyChanger.J Checkin (trojan.rules)
2805377 - ETPRO TROJAN Win32/Wadolin.A Checkin 2 (trojan.rules)
2805381 - ETPRO CURRENT_EVENTS Rebot JavaScript Injected Site inbound (current_events.rules)
2805382 - ETPRO TROJAN Trojan-Dropper.Win32.Daws.atjm Checkin (trojan.rules)
2805383 - ETPRO TROJAN Trojan.Win32.Swisyn.bfua Checkin (trojan.rules)
2805386 - ETPRO CURRENT_EVENTS Possible Client requesting Rebot JavaScript Redirect (current_events.rules)
2805387 - ETPRO TROJAN Win32/Banbot.A Checkin (trojan.rules)
2805388 - ETPRO TROJAN Win32/FakePlus Checkin (trojan.rules)
2805392 - ETPRO CURRENT_EVENTS Orange Exploit Kit Infector (current_events.rules)
2805394 - ETPRO TROJAN WORM_DISTTRACK.A Checkin (trojan.rules)
2805396 - ETPRO TROJAN Backdoor.Win32/Optix.W Checkin (trojan.rules)
2805397 - ETPRO TROJAN PWS.Win32/OnLineGames.KQ Checkin (trojan.rules)
2805398 - ETPRO TROJAN Trojan.Heur.hm0 at fjz6PkS Checkin (trojan.rules)
2805399 - ETPRO TROJAN Win32/Rochap.A Checkin (trojan.rules)
2805400 - ETPRO TROJAN W32/Yakes.AP!tr Checkin (trojan.rules)
2805401 - ETPRO USER_AGENTS Variant.Barys.4238 User-Agent (user_agents.rules)
2805403 - ETPRO TROJAN Win32/Pift Drop/Checkin (trojan.rules)
2805404 - ETPRO TROJAN Linux/Wirenet keep-alive outbound (trojan.rules)
2805405 - ETPRO TROJAN Win32/SchwarzeSonne.AP Checkin (trojan.rules)
2805406 - ETPRO TROJAN W32/DragonEye.C Checkin (trojan.rules)
2805407 - ETPRO MALWARE Adware/SnapDo Install (malware.rules)
2805412 - ETPRO TROJAN Win32/Spy.BZub CnC Response (trojan.rules)
2805414 - ETPRO TROJAN Win32/Vundo.HIY Checkin (trojan.rules)
2805415 - ETPRO TROJAN PSW.Banker6.AFNY Checkin (trojan.rules)
2805416 - ETPRO TROJAN Unknown dnsd.me Related Trojan Checkin a (trojan.rules)
2805417 - ETPRO TROJAN Win32/Vobfus Checkin (trojan.rules)
2805420 - ETPRO TROJAN Sality.IK!/Tedroo.AE Checkin (trojan.rules)
2805421 - ETPRO TROJAN IEXPL0RE RAT Checkin (trojan.rules)
2805423 - ETPRO TROJAN Worm.Win32.Flame.a Checkin (trojan.rules)
2805431 - ETPRO WEB_SERVER Visual Studio Team Web Access console XSS (web_server.rules)
2805432 - ETPRO WEB_SERVER Microsoft System Center Configuration Manager XSS (web_server.rules)
2805436 - ETPRO TROJAN W32/Delf.OND!tr Checkin (trojan.rules)
2805437 - ETPRO TROJAN Win32/PSW.VB.NIH Checkin (trojan.rules)
2805441 - ETPRO TROJAN W32.Tinba/Zusy Checkin (trojan.rules)
2805443 - ETPRO TROJAN Dadobra.flw/Malagent UDP Response from CnC (trojan.rules)
2805452 - ETPRO TROJAN Backdoor.Juasek Checkin (trojan.rules)
2805453 - ETPRO TROJAN W32/Hupigon.F.gen!Eldorado Checkin (trojan.rules)
2805455 - ETPRO TROJAN Trojan.Win32.Buzus.kmdt Checkin (trojan.rules)
2805459 - ETPRO TROJAN Win32/Punad.G infected system ad retrieve (trojan.rules)
2805462 - ETPRO SQL PostgreSQL xml_parse() DTD validation read arbitrary files read 1 (sql.rules)
2805463 - ETPRO SQL PostgreSQL xslt_process() DTD validation read arbitrary files read 2 (sql.rules)
2805465 - ETPRO TROJAN Win32/Agent.PBK Checkin (trojan.rules)
2805467 - ETPRO TROJAN Gauss CnC (trojan.rules)
2805471 - ETPRO TROJAN Win32/Opachki.I Checkin (trojan.rules)
2805473 - ETPRO TROJAN Downloader.MSIL.Tiny.bs Checkin (trojan.rules)
2805474 - ETPRO TROJAN Win32.Dorifel.eav IRC login (trojan.rules)
2805475 - ETPRO MALWARE AdWare.Win32.DirectDown.A checkin (malware.rules)
2805477 - ETPRO TROJAN Virus.Win32.Kate.a Checkin (trojan.rules)
2805482 - ETPRO TROJAN Trojan.StartPage.46660 Checkin (trojan.rules)
2805484 - ETPRO TROJAN Drop.Banker.Q MySQL connection (trojan.rules)
2805485 - ETPRO MALWARE Adware Win32/BlogChina Checkin (malware.rules)
2805488 - ETPRO TROJAN Ysreef DNS query to Domain atmportal.net.ru (trojan.rules)
2805489 - ETPRO TROJAN Ysreef DNS query to Domain my-files-download ru (trojan.rules)
2805490 - ETPRO TROJAN Ysreef Checkin 1 (trojan.rules)
2805491 - ETPRO TROJAN Ysreef Checkin 2 (trojan.rules)
2805495 - ETPRO MOBILE_MALWARE Galaxy S3 USSD code to factory data reset (mobile_malware.rules)
2805496 - ETPRO TROJAN Win32/Uosproy.A Checkin (hello) (trojan.rules)
2805498 - ETPRO TROJAN Backdoor.Win32.Rbot.gen Checkin (trojan.rules)
2805500 - ETPRO MALWARE Adware.MediaFinder Install (malware.rules)
2805501 - ETPRO TROJAN Backdoor.Win32.Rbot.bzc IRC Log in (trojan.rules)
2805503 - ETPRO TROJAN Win32/Wemosis.C CnC Response (trojan.rules)
2805504 - ETPRO TROJAN W32/Banload.RCI!tr.dldr Checkin (trojan.rules)
2805513 - ETPRO TROJAN Trojan.Win32.Pasta!IK Checkin (trojan.rules)
2805520 - ETPRO TROJAN Win32/Teazodo.A!dll Checkin (trojan.rules)
2805521 - ETPRO TROJAN W32/Gpcode.NAI Checkin (trojan.rules)
2805522 - ETPRO TROJAN W32/Gimemo.APVH!tr Checkin (trojan.rules)
2805524 - ETPRO TROJAN Trojan.Win32.Genome Checkin 1 (trojan.rules)
2805525 - ETPRO TROJAN Trojan.Win32.Genome Checkin 2 (trojan.rules)
2805528 - ETPRO TROJAN Backdoor.Win32.PcClient Tunnel 1 (trojan.rules)
2805529 - ETPRO TROJAN Backdoor.Win32.PcClient Tunnel 2 (trojan.rules)
2805530 - ETPRO TROJAN Win32/Busky.gen Checkin (trojan.rules)
2805531 - ETPRO TROJAN Win32/Small.AJI Checkin (trojan.rules)
2805533 - ETPRO TROJAN updmgr Checkin (trojan.rules)
2805534 - ETPRO TROJAN updmgr Checkin 2 (trojan.rules)
2805535 - ETPRO TROJAN Unknown blog.sina.com.cn CnC Embedded in HTML (trojan.rules)
2805541 - ETPRO SQL MSSQL Reporting Services XSS (sql.rules)
2805542 - ETPRO TROJAN W32/Autorun.worm.zf.gen Checkin (trojan.rules)
2805543 - ETPRO TROJAN Trojan.KillFiles.9696 Checkin (trojan.rules)
2805545 - ETPRO TROJAN Trojan-Dropper.Win32.Smiscer.hf Checkin (trojan.rules)
2805546 - ETPRO MALWARE Adware.Win32.Facetheme Checkin (malware.rules)
2805547 - ETPRO TROJAN W32/Agent.SUTT!tr Checkin (trojan.rules)
2805551 - ETPRO TROJAN hanbi121b Checkin (trojan.rules)
2805556 - ETPRO WEB_SPECIFIC_APPS Zenworks RTRlet Applet Access With Harcoded Creds (web_specific_apps.rules)
2805557 - ETPRO TROJAN Trojan.Generic.KD.697281 Checkin (trojan.rules)
2805558 - ETPRO MALWARE SmartTools Checkin (malware.rules)

[---]         Removed rules:         [---]

2828367 - ETPRO TROJAN Cerber Domain Observed (1mudaw .top in DNS Lookup) (trojan.rules)
2828368 - ETPRO TROJAN Cerber Domain Observed (1mudaw .top in TLS SNI) (trojan.rules)
2828371 - ETPRO TROJAN Cerber Domain Observed (1ml94w .top in DNS Lookup) (trojan.rules)
2828372 - ETPRO TROJAN Cerber Domain Observed (1ml94w .top in TLS SNI) (trojan.rules)

Date: Friday, October 27, 2017 - 00:00