Daily Ruleset Update Summary 2018/01/31

[***]            Summary:            [***]

7 new Open, 24 new Pro (7 + 17). GandCrab, MSIL/Derkziel, MSIL/Vermin RAT, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025275 - ET INFO Windows OS Submitting USB Metadata to Microsoft (info.rules)
2025276 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-01-31 (current_events.rules)
2025277 - ET CURRENT_EVENTS Apple iTunes Phishing Landing (DE) 2018-01-31 (current_events.rules)
2025278 - ET CURRENT_EVENTS Mailbox Verification Phishing Landing 2018-01-31 (current_events.rules)
2025279 - ET CURRENT_EVENTS Hellion Postmaster Phishing Landing 2018-01-31 (current_events.rules)
2025280 - ET CURRENT_EVENTS Generic Roundcube Multi-Brand Phishing Landing 2018-01-31 (current_events.rules)
2025281 - ET CURRENT_EVENTS Cloned Website Phishing Landing - Saved Website Comment Observed (current_events.rules)

Pro:

2829498 - ETPRO TROJAN GandCrab DNS Lookup 1 (trojan.rules)
2829499 - ETPRO TROJAN GandCrab DNS Lookup 2 (trojan.rules)
2829500 - ETPRO TROJAN GandCrab DNS Lookup 3 (trojan.rules)
2829501 - ETPRO TROJAN GandCrab DNS Lookup 4 (trojan.rules)
2829502 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 268 (mobile_malware.rules)
2829503 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 269 (mobile_malware.rules)
2829504 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 270 (mobile_malware.rules)
2829505 - ETPRO TROJAN MSIL/Derkziel CnC Activity (trojan.rules)
2829506 - ETPRO TROJAN Possible POWERSTATS Related Badness M1 (trojan.rules)
2829507 - ETPRO TROJAN MSIL/Vermin RAT Checkin via SOAP (trojan.rules)
2829508 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-31 1) (trojan.rules)
2829509 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-31 2) (trojan.rules)
2829510 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-31 3) (trojan.rules)
2829511 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-31 4) (trojan.rules)
2829512 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-31 5) (trojan.rules)
2829513 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-31 6) (trojan.rules)
2829514 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-31 7) (trojan.rules)

[///]     Modified active rules:     [///]

2025120 - ET TROJAN Possible Sharik/Smoke Loader Microsoft Connectivity check (trojan.rules)
2826094 - ETPRO TROJAN Lazarus FoggyBrass Variant CnC Callback (trojan.rules)
2828913 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M3 (trojan.rules)

Date: Wednesday, January 31, 2018 - 00:00