Daily Ruleset Update Summary 2017/12/14

[***]            Summary:            [***]

2 new Open, 15 new Pro (2 + 13). CoreBot CnC, Win32.Banload.XZH, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2025149 - ET POLICY IP Check (rl. ammyy. com) (policy.rules)
2025150 - ET POLICY IP Check Response (rl. ammyy. com) (policy.rules)

Pro:

2828891 - ETPRO TROJAN CoreBot CnC Checkin (trojan.rules)
2828892 - ETPRO POLICY External IP Address Lookup (via httpbin .org) (policy.rules)
2828893 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i Checkin (mobile_malware.rules)
2828894 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i CnC Beacon (mobile_malware.rules)
2828895 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-13 1) (trojan.rules)
2828896 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-13 2) (trojan.rules)
2828897 - ETPRO CURRENT_EVENTS Successful DHL Phish 2017-12-14 (current_events.rules)
2828898 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-13 3) (trojan.rules)
2828899 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-13 4) (trojan.rules)
2828900 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-13 5) (trojan.rules)
2828901 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-13 6) (trojan.rules)
2828902 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish 2017-12-14 (current_events.rules)
2828903 - ETPRO TROJAN Win32.Banload.XZH Variant Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2008038 - ET MALWARE Suspicious User-Agent (Mozilla/4.0 (compatible ICS)) (malware.rules)
2825562 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (ll) (trojan.rules)

[---]         Removed rules:         [---]

2828886 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-08 1) (trojan.rules)

Date: Thursday, December 14, 2017 - 00:00