Daily Ruleset Update Summary 2017/11/08

[***]            Summary:            [***]

6 new Open, 27 new Pro (6 + 21). ProjectHook POS CnC, Win32.MY24, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024971 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 1 (web_client.rules)
2024972 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 2 (web_client.rules)
2024973 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 3 (web_client.rules)
2024974 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 4 (web_client.rules)
2024975 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 5 (web_client.rules)
2024976 - ET WEB_CLIENT pshell dl/execute primitives in wideb64 6 (web_client.rules)

Pro:

2024978 - ET INFO Browser Plugin Detect - Observed in Apple Phishing (info.rules)
2828562 - ETPRO TROJAN Trojan.Win32.MY24 Checkin (trojan.rules)
2828563 - ETPRO TROJAN MSIL/BoteVote Backdoor CnC Checkin (trojan.rules)
2828564 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2828565 - ETPRO CURRENT_EVENTS Successful Generic AES Phish Nov 08 2016 (current_events.rules)
2828566 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 243 (mobile_malware.rules)
2828567 - ETPRO MOBILE_MALWARE Android/JiuXuJinBao CnC Beacon (mobile_malware.rules)
2828568 - ETPRO TROJAN ZeusPanda CnC Domain (henfobuthis .com in DNS Lookup) (trojan.rules)
2828569 - ETPRO TROJAN ZeusPanda CnC Domain (henfobuthis .com in TLS SNI) (trojan.rules)
2828570 - ETPRO TROJAN ZeusPanda CnC Domain (rowrorofrat .com in DNS Lookup) (trojan.rules)
2828571 - ETPRO TROJAN ZeusPanda CnC Domain (rowrorofrat .com in TLS SNI) (trojan.rules)
2828572 - ETPRO TROJAN ZeusPanda CnC Domain (mysitothar .ru in DNS Lookup) (trojan.rules)
2828573 - ETPRO TROJAN ZeusPanda CnC Domain (mysitothar .ru in TLS SNI) (trojan.rules)
2828574 - ETPRO TROJAN ProjectHook POS CnC Checkin (trojan.rules)
2828575 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BLR Checkin (mobile_malware.rules)
2828576 - ETPRO TROJAN ZeusPanda CnC Domain (linghogolac .ru in DNS Lookup) (trojan.rules)
2828577 - ETPRO TROJAN ZeusPanda CnC Domain (linghogolac .ru in TLS SNI) (trojan.rules)
2828578 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.snt CnC Beacon (mobile_malware.rules)
2828579 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M1 Nov 08 2017 (current_events.rules)
2828580 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M2 Nov 08 2017 (current_events.rules)
2828581 - ETPRO CURRENT_EVENTS Successful Santander Phish Nov 08 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
2822136 - ETPRO TROJAN Win32/Philadelphia Ransomware CnC Checkin (trojan.rules)
2822596 - ETPRO TROJAN Win32/Philadelphia Ransomware Encryption Activity (trojan.rules)
2824150 - ETPRO CURRENT_EVENTS Successful Generic Hamza Banking Phish Dec 30 2016 (current_events.rules)
2824864 - ETPRO TROJAN Ratankba Recon Backdoor/Module CnC Beacon 1 (trojan.rules)
2824865 - ETPRO TROJAN Ratankba Recon Backdoor/Module CnC Beacon 2 (trojan.rules)
2824976 - ETPRO TROJAN Lazarus Rifle/Agent.RTC Checkin (trojan.rules)
2827049 - ETPRO CURRENT_EVENTS Successful Generic Hamza Banking Phish M2 Jul 07 2017 (current_events.rules)

[---]         Removed rules:         [---]

2024931 - ET ATTACK_RESPONSE 401TRG Perl DDoS IRCBot File Download (attack_response.rules)

Date: Wednesday, November 8, 2017 - 00:00