Daily Ruleset Update Summary 2018/01/24

[***]            Summary:            [***]

35 new Pro. Mirai Variant DNS, RubyMiner, BlackTDS, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

2829395 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2018-01-24 (current_events.rules)
2829396 - ETPRO MOBILE_MALWARE Android/Agent.AKX / Trojan-Spy.AndroidOS.Agent.oe Checkin 3 (mobile_malware.rules)
2829397 - ETPRO CURRENT_EVENTS Malicious VBScript Inbound (dropping XMRig) (current_events.rules)
2829398 - ETPRO INFO Possibly Malicious VBScript Executing WScript.Shell Run Method (info.rules)
2829399 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-24 1) (trojan.rules)
2829400 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-24 2) (trojan.rules)
2829401 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-24 3) (trojan.rules)
2829402 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-24 4) (trojan.rules)
2829403 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-24 5) (trojan.rules)
2829404 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc Payload 2018-01-23) (current_events.rules)
2829405 - ETPRO POLICY External IP Address Lookup (policy.rules)
2829406 - ETPRO TROJAN Remcos DNS Lookup (trojan.rules)
2829407 - ETPRO TROJAN Mirai Variant DNS Lookup M1 (trojan.rules)
2829408 - ETPRO TROJAN Mirai Variant DNS Lookup M2 (trojan.rules)
2829409 - ETPRO TROJAN Mirai Variant DNS Lookup M3 (trojan.rules)
2829410 - ETPRO TROJAN Mirai Variant DNS Lookup M4 (trojan.rules)
2829411 - ETPRO TROJAN Mirai Variant DNS Lookup M5 (trojan.rules)
2829412 - ETPRO TROJAN Mirai Variant DNS Lookup M6 (trojan.rules)
2829413 - ETPRO TROJAN Mirai Variant DNS Lookup M7 (trojan.rules)
2829414 - ETPRO TROJAN Mirai Variant DNS Lookup M8 (trojan.rules)
2829415 - ETPRO TROJAN Mirai Variant DNS Lookup M9 (trojan.rules)
2829416 - ETPRO TROJAN Mirai Variant DNS Lookup M10 (trojan.rules)
2829417 - ETPRO TROJAN Mirai Variant DNS Lookup M11 (trojan.rules)
2829418 - ETPRO TROJAN Mirai Variant DNS Lookup M12 (trojan.rules)
2829419 - ETPRO TROJAN Mirai Variant DNS Lookup M13 (trojan.rules)
2829420 - ETPRO TROJAN Mirai Variant DNS Lookup M14 (trojan.rules)
2829421 - ETPRO TROJAN Mirai Variant DNS Lookup M15 (trojan.rules)
2829422 - ETPRO TROJAN Mirai Variant DNS Lookup M16 (trojan.rules)
2829423 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 1 (trojan.rules)
2829424 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 2 (trojan.rules)
2829425 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 3 (trojan.rules)
2829426 - ETPRO CURRENT_EVENTS BlackTDS SocEng Fake Java Update (current_events.rules)
2829427 - ETPRO CURRENT_EVENTS BlackTDS Favicon Inbound - SocEng Related (current_events.rules)
2829428 - ETPRO CURRENT_EVENTS BlackTDS Cookie Set (current_events.rules)
2829429 - ETPRO TROJAN Win32/Sathurbot.AN Checkin M1 (trojan.rules)

[///]     Modified active rules:     [///]

2025238 - ET INFO Base64 Encoded powershell.exe in HTTP Response M1 (info.rules)
2826455 - ETPRO MOBILE_MALWARE Android/Agent.AKX Checkin (mobile_malware.rules)
2828734 - ETPRO TROJAN Powerstats C2 (trojan.rules)

Date: Wednesday, January 24, 2018 - 00:00