Daily Ruleset Update Summary 2017/12/07

[***]            Summary:            [***]

2 new Open, 18 new Pro (2 + 16). Sharik/Smoke Update, Cyberbit/PSS, Various Mobile, Various Phishing.

Thanks: Arnold Chan

[+++]          Added rules:          [+++]

Open:

2025141 - ET TROJAN Injected WP Keylogger/Coinminer Domain Detected (cloudflare .solutions in DNS Lookup) (trojan.rules)
2025142 - ET TROJAN Sharik/Smoke CnC Beacon 8 (trojan.rules)

Pro:

2828809 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2017-12-06 (current_events.rules)
2828810 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 250 (mobile_malware.rules)
2828811 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 251 (mobile_malware.rules)
2828812 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 252 (mobile_malware.rules)
2828813 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.fe Contact Exfil via SMTP 5 (mobile_malware.rules)
2828814 - ETPRO TROJAN MSIL/Subti.N CnC Beacon (trojan.rules)
2828815 - ETPRO TROJAN Cyberbit/PSS CnC Domain (time-local .com in DNS Lookup) (trojan.rules)
2828816 - ETPRO TROJAN Cyberbit/PSS CnC Domain (time-local .net in DNS Lookup) (trojan.rules)
2828817 - ETPRO TROJAN Cyberbit/PSS CnC Domain (pupki .co in DNS Lookup) (trojan.rules)
2828818 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (eastafro .net in DNS Lookup) (trojan.rules)
2828819 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (diretube .co.uk in DNS Lookup) (trojan.rules)
2828820 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (meskereme .net in DNS Lookup) (trojan.rules)
2828821 - ETPRO TROJAN MSIL/Bazidow.A HTTP C2 (trojan.rules)
2828822 - ETPRO TROJAN VBS/BoletoMestre IRC Checkin (trojan.rules)
2828823 - ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) (trojan.rules)
2828824 - ETPRO INFO Suspicious HTTP Credential Post to IP Address - Possible Successful Phish (info.rules)

[///]     Modified active rules:     [///]

2021690 - ET TROJAN MWI Maldoc Stats Callout Aug 18 2015 (trojan.rules)
2025102 - ET INFO HTTP POST Request to Suspicious *.ml Domain (info.rules)
2025103 - ET INFO HTTP POST Request to Suspicious *.cf Domain (info.rules)
2025119 - ET TROJAN Sharik/Smoke CnC Beacon 7 (trojan.rules)
2025133 - ET POLICY possible OnePlus phone data leakage DNS (policy.rules)
2025134 - ET POLICY OnePlus phone data leakage (policy.rules)
2828788 - ETPRO TROJAN Win32/Banload.Downloader Requesting Payload (trojan.rules)

Date: Thursday, December 7, 2017 - 00:00