Daily Ruleset Update Summary 2017/11/03

[***]            Summary:            [***]

11 new Open, 36 new Pro (11 + 25). Android Marcher, Koadic Backdoor, Win32/SniperTgr, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024943 - ET CURRENT_EVENTS Raiffeisen Phishing Domain Nov 03 2017 (current_events.rules)
2024944 - ET CURRENT_EVENTS Sparkasse Phishing Domain Nov 03 2017 (current_events.rules)
2024945 - ET CURRENT_EVENTS SOCENG Fake Update/Installer ForceDL Template Nov 03 2017 (current_events.rules)
2024946 - ET CURRENT_EVENTS BankAustria Phishing Domain Nov 03 2017 (current_events.rules)
2024947 - ET CURRENT_EVENTS Successful Raiffeisen Phish Nov 03 2017 (current_events.rules)
2024948 - ET CURRENT_EVENTS Successful Sparkasse Phish Nov 03 2017 (current_events.rules)
2024949 - ET CURRENT_EVENTS Successful BankAustria Phish Nov 03 2017 (current_events.rules)
2024950 - ET MOBILE_MALWARE Android Marcher Trojan Download - Raiffeisen Bank Targeting (set) (mobile_malware.rules)
2024951 - ET MOBILE_MALWARE Android Marcher Trojan Download - Sparkasse Bank Targeting (set) (mobile_malware.rules)
2024952 - ET MOBILE_MALWARE Android Marcher Trojan Download - BankAustria Targeting (set) (mobile_malware.rules)
2024953 - ET MOBILE_MALWARE Android Marcher Trojan Download - Austrian Bank Targeting (mobile_malware.rules)

Pro:

2828508 - ETPRO TROJAN Observed Malicious SSL Cert (Keybase Keylogger CnC) (trojan.rules)
2828509 - ETPRO TROJAN Koadic Backdoor CnC Beacon (trojan.rules)
2828510 - ETPRO TROJAN Koadic Backdoor Receiving Payload (trojan.rules)
2828511 - ETPRO TROJAN Win32/SniperTgr Requesting Payload (trojan.rules)
2828512 - ETPRO TROJAN Reuqst.JS Sending System Information (trojan.rules)
2828513 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI (mobile_malware.rules)
2828514 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 2 (mobile_malware.rules)
2828515 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 3 (mobile_malware.rules)
2828516 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 4 (mobile_malware.rules)
2828517 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 5 (mobile_malware.rules)
2828518 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 6 (mobile_malware.rules)
2828519 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 7 (mobile_malware.rules)
2828520 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 8 (mobile_malware.rules)
2828522 - ETPRO TROJAN Ovidiy/Reborn Stealer CnC Domain (rebornstealer .ru in DNS Query) (trojan.rules)
2828523 - ETPRO TROJAN Ovidiy/Reborn Stealer CnC Domain (rebornstealer .info in DNS Query) (trojan.rules)
2828524 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 1 (mobile_malware.rules)
2828525 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 2 (mobile_malware.rules)
2828526 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 3 (mobile_malware.rules)
2828527 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 4 (mobile_malware.rules)
2828528 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 5 (mobile_malware.rules)
2828529 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 6 (mobile_malware.rules)
2828530 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 7 (mobile_malware.rules)
2828531 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS Lookup 8 (mobile_malware.rules)
2828532 - ETPRO TROJAN MSIL/VB-RAT CnC Checkin (trojan.rules)
2828533 - ETPRO TROJAN W32.Gorno Stealer Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2010515 - ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source) (web_server.rules)
2017925 - ET POLICY External IP Lookup / Tor Checker Domain (bridges.torproject .org in DNS lookup) (policy.rules)
2017926 - ET POLICY External IP Lookup / Tor Checker Domain (check.torproject .org in DNS lookup) (policy.rules)
2023472 - ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup) (policy.rules)
2024527 - ET POLICY External IP Lookup Domain (ipapi .co in DNS lookup) (policy.rules)
2825352 - ETPRO POLICY External IP Lookup Domain (freegeiop .net in DNS lookup) (policy.rules)
2827133 - ETPRO POLICY External IP Lookup Domain (iplogger .com in DNS lookup) (policy.rules)
2828090 - ETPRO POLICY External IP Lookup Domain (ip.anysrc .net in DNS lookup) (policy.rules)
2828091 - ETPRO POLICY External IP Lookup Domain (whatsmyip .website in DNS lookup) (policy.rules)

[---]  Disabled and modified rules:  [---]

2827962 - ETPRO TROJAN Malicious Domain in SNI (Backconnet RAT PWStealer Module DL) (trojan.rules)

Date: Friday, November 3, 2017 - 00:00