Daily Ruleset Update Summary 2018/02/08

[***]            Summary:            [***]

2 new Open, 24 new Pro (2 + 22). MSIL/TohperMiner, MSIL/KyoznikMiner, OrientDB 2.2.x RCE, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025330 - ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) (policy.rules)
2025331 - ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo.io) (policy.rules)

Pro:

2806924 - ETPRO INFO Korean Web Traffic Statistics Service (info.rules)
2829592 - ETPRO TROJAN Win32/Remcos RAT Checkin 8 (trojan.rules)
2829593 - ETPRO TROJAN Win32/Banload.Downloader Variant CnC Check-in (trojan.rules)
2829594 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 281 (mobile_malware.rules)
2829595 - ETPRO TROJAN Reveton Domain Observed (itisagooddaytodie .com in DNS Lookup) (trojan.rules)
2829596 - ETPRO TROJAN Reveton Domain Observed (googleprofit8 .com in DNS Lookup) (trojan.rules)
2829597 - ETPRO TROJAN MSIL/KyoznikMiner CnC Checkin (trojan.rules)
2829598 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 282 (mobile_malware.rules)
2829599 - ETPRO TROJAN Reveton Domain Observed (lalalablabla1313lolo .com in DNS Lookup) (trojan.rules)
2829600 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 283 (mobile_malware.rules)
2829601 - ETPRO EXPLOIT OrientDB 2.2.x Remote Code Execution (exploit.rules)
2829602 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 284 (mobile_malware.rules)
2829603 - ETPRO TROJAN njRAT/Bladabindi Variant CnC Activity (trojan.rules)
2829604 - ETPRO TROJAN njRAT/Bladabindi Variant CnC Keep-Alive (trojan.rules)
2829605 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 285 (mobile_malware.rules)
2829606 - ETPRO TROJAN MSIL/TohperMiner CnC Checkin (trojan.rules)
2829611 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 1) (trojan.rules)
2829612 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 2) (trojan.rules)
2829613 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 3) (trojan.rules)
2829614 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 4) (trojan.rules)
2829615 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 5) (trojan.rules)
2829616 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-08 6) (trojan.rules)

[///]     Modified active rules:     [///]

2828790 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.gen CnC Beacon (mobile_malware.rules)
2829591 - ETPRO TROJAN DanderSpritz Implant Communicating with PeddleCheap Module (trojan.rules)

[---]  Disabled and modified rules:  [---]

2014135 - ET TROJAN Zeus/Reveton checkin to /images.rar (trojan.rules)
2015874 - ET TROJAN Known Reveton Domain HTTP whatwillber.com (trojan.rules)
2828913 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M3 (trojan.rules)

[---]         Removed rules:         [---]

2806924 - ETPRO TROJAN Muldrop Checkin (trojan.rules)
2806942 - ETPRO TROJAN Trojan-Ransom.Win32.PornoAsset Checkin (trojan.rules)

Date: 
Thursday, February 8, 2018 - 00:00