[***] Summary: [***]
1 new Open, 19 new Pro (1 + 18). Princess Ransomware, SocEng, Various Mobile, Various Phishing.
Try the new feedback tool: https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]
Open:
2025404 - ET TROJAN Observed Princess Ransomware Payment Domain (royal25fphqilqft in DNS Lookup) (trojan.rules)
Pro:
2829829 - ETPRO CURRENT_EVENTS SocEng Host DNS Lookup (current_events.rules)
2829830 - ETPRO CURRENT_EVENTS SocEng Host DNS Lookup (current_events.rules)
2829831 - ETPRO CURRENT_EVENTS SocEng Malicious SSL Certificate Detected (current_events.rules)
2829832 - ETPRO CURRENT_EVENTS SocEng Malicious SSL Certificate Detected (current_events.rules)
2829833 - ETPRO CURRENT_EVENTS SocEng Domain Observed in SNI (current_events.rules)
2829834 - ETPRO CURRENT_EVENTS SocEng Domain Observed in SNI (current_events.rules)
2829865 - ETPRO MOBILE_MALWARE Android/Arukas.A!tr Checkin (mobile_malware.rules)
2829866 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 1 (trojan.rules)
2829867 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 2 (trojan.rules)
2829868 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 3 (trojan.rules)
2829869 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 4 (trojan.rules)
2829870 - ETPRO TROJAN OSX/iMessage.Stealer DNS Lookup 1 (trojan.rules)
2829871 - ETPRO TROJAN OSX/iMessage.Stealer DNS Lookup 2 (trojan.rules)
2829872 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-02 1) (trojan.rules)
2829873 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-02 2) (trojan.rules)
2829874 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-02 3) (trojan.rules)
2829875 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-02 4) (trojan.rules)
2829876 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 297 (mobile_malware.rules)

[///] Modified active rules: [///]
2829661 - ETPRO TROJAN Win32/ASPC Bot/ARS Stealer CnC Checkin (trojan.rules)
2829826 - ETPRO TROJAN W32/Kutaki Checkin (trojan.rules)

[---] Disabled and modified rules: [---]
2024799 - ET CURRENT_EVENTS Phishing Landing Oct 04 2017 (current_events.rules)

[---] Disabled rules: [---]
2011917 - ET TROJAN FAKEAV Gemini - JavaScript Redirection To Scanning Page (trojan.rules)
2011921 - ET TROJAN FAKEAV CryptMEN - Landing Page Download Contains .hdd_icon (trojan.rules)
2011922 - ET TROJAN FAKEAV CryptMEN - Random Named DeObfuscation JavaScript File Download (trojan.rules)
2011989 - ET TROJAN Suspicious executable download adobe-flash.v (trojan.rules)
2011991 - ET TROJAN FAKEAV Gemini systempack exe download (trojan.rules)
2011995 - ET TROJAN Suspicious invoice.scr Download Request (trojan.rules)
2011999 - ET TROJAN Trojan.Spy.YEK MAC and IP POST (trojan.rules)
2012076 - ET TROJAN Win32.Krap.ar Infection URL Request (trojan.rules)
2012114 - ET TROJAN Trojan.BackDoor-DRV.gen.c Reporting-2 (trojan.rules)
2012136 - ET TROJAN Waledac 2.0/Storm Worm 3.0 GET request detected (trojan.rules)
2012208 - ET TROJAN FAKEAV CryptMEN pack.exe Payload Download (trojan.rules)
2012227 - ET TROJAN FAKEAV Gemini softupdate*.exe download (trojan.rules)
2012276 - ET TROJAN USPS Inbound SPAM (trojan.rules)
2012279 - ET TROJAN SpyEye HTTP Library Checkin (trojan.rules)
2012284 - ET TROJAN SpyEye Post_Express_Label ftpgrabber check-in (trojan.rules)
2012288 - ET TROJAN Spy.Win32.Agent.bijs Reporting 2 (trojan.rules)
2012289 - ET TROJAN Win32 Troxen Reporting (trojan.rules)
2012290 - ET TROJAN Spy.Win32.Agent.bijs Reporting 1 (trojan.rules)
2012318 - ET TROJAN FAKEAV download (AntiSpyWareSetup.exe) (trojan.rules)
2012319 - ET TROJAN IRS Inbound SMTP Malware (trojan.rules)
2012320 - ET TROJAN IRS Inbound SPAM (trojan.rules)
2012329 - ET TROJAN IRS Inbound SPAM variant 3 (trojan.rules)
2012388 - ET TROJAN USPS SPAM Inbound possible spyeye trojan (trojan.rules)
2012389 - ET TROJAN Java Exploit Kit Success Check-in Executable Download Likely (trojan.rules)
2012391 - ET TROJAN Tatanga Checkin (trojan.rules)
2012439 - ET TROJAN Win32.Vilsel.akd Reporting (trojan.rules)
2012440 - ET TROJAN Downloader.Win32.Agent.bqkb Reporting (trojan.rules)
2012443 - ET TROJAN UPS Inbound bad attachment v.5 (trojan.rules)
2012444 - ET TROJAN UPS Inbound bad attachment v.6 (trojan.rules)
2012445 - ET TROJAN Post Express Inbound bad attachment (trojan.rules)
2012446 - ET TROJAN Possible Eleonore Exploit pack download (trojan.rules)
2012448 - ET TROJAN Downloader Win32.Agent.FakeAV.AVG 1 (trojan.rules)
2012449 - ET TROJAN Downloader Win32.Agent.FakeAV.AVG 2 (trojan.rules)
2012456 - ET TROJAN Possible JKDDOS download 500.exe (trojan.rules)
2012458 - ET TROJAN Possible JKDDOS download desyms.exe (trojan.rules)
2012459 - ET TROJAN Possible JKDDOS download 1691.exe (trojan.rules)
2012492 - ET TROJAN DHL Spam Inbound (trojan.rules)
2012493 - ET TROJAN DHL Spam Inbound (trojan.rules)
2012494 - ET TROJAN FakeAV InstallInternetDefender Download (trojan.rules)
2012505 - ET TROJAN Monkif Checkin (trojan.rules)
2012507 - ET TROJAN Monkif CnC response in fake JPEG (trojan.rules)
2012512 - ET TROJAN Hiloti loader installed successfully response (trojan.rules)
2012517 - ET TROJAN Win32/Rimecud.B Activity (trojan.rules)
2012521 - ET TROJAN Generic Win32 Banker Trojan CheckIn (trojan.rules)
2012541 - ET TROJAN Downloader.small Generic Checkin (trojan.rules)
2012590 - ET TROJAN Best Spyware Scanner FaveAV Download (trojan.rules)
2012592 - ET TROJAN PWS-Banker.gen.b Reporting (trojan.rules)
2012617 - ET TROJAN Unknown Malware PatchPathNewS3.dat Request (trojan.rules)
2012631 - ET TROJAN Chinese Bootkit Checkin (trojan.rules)
2012865 - ET TROJAN Vinself Backdoor Checkin (trojan.rules)
2016428 - ET TROJAN Backdoor.Win32.Likseput.B Checkin 2 (trojan.rules)
2800846 - ETPRO TROJAN Worm.Win32.Faketube Activity (update request) (trojan.rules)
2800875 - ETPRO TROJAN Trojan.Win32.Nopor.A GET Config (trojan.rules)
2800920 - ETPRO TROJAN Backdoor.MSIL.Noszbot Checkin POST 2 (trojan.rules)
2800944 - ETPRO TROJAN Trojan.Win32.Konad.A Receiving Config (trojan.rules)
2800951 - ETPRO TROJAN Backdoor.Win32.Loopas Activity (trojan.rules)
2800953 - ETPRO TROJAN Download.Win32.Genome.bwmu Fake Adobe Reader Download Request (trojan.rules)
2800955 - ETPRO TROJAN Backdoor.Win32.Ripinip Receiving config (trojan.rules)
2800964 - ETPRO TROJAN Banker/Banbra.fxe Checkin (trojan.rules)
2801173 - ETPRO TROJAN Trojan.Win32.VB.njz Checkin (trojan.rules)
2801215 - ETPRO TROJAN Backdoor.Win32.Badpuck.A Checkin (trojan.rules)
2801245 - ETPRO TROJAN TrojanDownloader Win32/VB.NP Checkin (trojan.rules)
2801266 - ETPRO TROJAN Backdoor.Win32.Coofus.RFM Checkin 1 (trojan.rules)
2801288 - ETPRO TROJAN Backdoor.Win32.Ganipin.A Receiving Commands from Server (trojan.rules)
2801297 - ETPRO TROJAN Generic Proxy Bot Checkin (trojan.rules)
2801298 - ETPRO TROJAN Generic Proxy Bot Checkin 2 (trojan.rules)
2801302 - ETPRO TROJAN RogueSoftware.Win32.WindowsOptimizationAndSecurity Sending stolen info (trojan.rules)
2801308 - ETPRO TROJAN Trojan.Win32.Bohu.A check in (trojan.rules)
2801309 - ETPRO TROJAN Backdoor.Win32.Pefsire.A Checkin (trojan.rules)
2801322 - ETPRO TROJAN Win32.Dogrobot activity on port 123 (trojan.rules)
2801329 - ETPRO TROJAN Trojan.Win32.Delf.MW Checkin 1 (trojan.rules)
2801330 - ETPRO TROJAN Trojan.Win32.Delf.MW Checkin 2 (trojan.rules)
2801331 - ETPRO TROJAN Worm.Win32.Autorun.ABB checkin (trojan.rules)
2801341 - ETPRO TROJAN Trojan.Win32.PassStealer.ird Checkin (trojan.rules)
2801348 - ETPRO TROJAN Mariposa or Palevo Bot Response from Server (trojan.rules)
2801351 - ETPRO TROJAN Win32/Small.AII Checkin (trojan.rules)
2801352 - ETPRO TROJAN Trojan.Win32.Dreammon.D Checkin (trojan.rules)
2801354 - ETPRO TROJAN Trojan.Win32.Cryect.A Checkin on port 443 (trojan.rules)
2801367 - ETPRO TROJAN Backdoor.Win32.Talsab.B Checkin Request (trojan.rules)
2801368 - ETPRO TROJAN Backdoor.Win32.Talsab.B Reporting Information (trojan.rules)
2801389 - ETPRO TROJAN Trojan-Downloader.Win32.Redonc.A Checkin (trojan.rules)
2801394 - ETPRO TROJAN Generic Dropper Checkin callback (trojan.rules)
2801400 - ETPRO TROJAN Win32.Vilsel.awhu Checkin via Email Form (trojan.rules)
2801401 - ETPRO TROJAN Win32.Vilsel.awhu Checkin via Email Form Inbound (trojan.rules)
2801405 - ETPRO TROJAN Unknown RBN Based BiFrost Botnet Response (trojan.rules)
2801406 - ETPRO TROJAN Malware Backdoor.Win32.Apocalipto.A Checkin (trojan.rules)
2801413 - ETPRO TROJAN Trojan.Win32.Socnet.A Activity (trojan.rules)
2801422 - ETPRO TROJAN Trojan.Win32.OddJob.A Checkin 1 (trojan.rules)
2801423 - ETPRO TROJAN Trojan.Win32.OddJob.A Checkin 2 (trojan.rules)
2801426 - ETPRO TROJAN Trojan.Win32.KeyLogger.mww Checkin (trojan.rules)
2801428 - ETPRO TROJAN Trojan.Win32.Banker.U Checkin (trojan.rules)
2801437 - ETPRO TROJAN Chnsystems.com related trojan checkin (trojan.rules)
2801438 - ETPRO TROJAN Chnsystems.com related trojan checkin 2 (trojan.rules)
2801440 - ETPRO TROJAN Trojan.Win32.Tatanarg.A Checkin (trojan.rules)
2801616 - ETPRO TROJAN Backdoor.Win32.Trup.CX Checkin 2 (trojan.rules)
2801628 - ETPRO TROJAN Backdoor.Win32.TBubz.DL Checkin 2 (trojan.rules)
2801635 - ETPRO TROJAN Win32/Rimecud.B Checkin (trojan.rules)
2801639 - ETPRO TROJAN Trojan-Downloader.Win32.Vmara.A SQL Checkin (trojan.rules)
2801671 - ETPRO TROJAN BestAntivirus Fake AV Download (trojan.rules)
2801673 - ETPRO TROJAN Backdoor.Win32.Dtd.A Checkin (trojan.rules)
2801674 - ETPRO TROJAN Trojan.Win32.Banker.bhhc Checkin (trojan.rules)
2801675 - ETPRO TROJAN Backdoor.Win32.Prioxer.A Checkin (trojan.rules)
2801676 - ETPRO TROJAN Trojan.Win32.PKXG.A Checkin (trojan.rules)
2801677 - ETPRO TROJAN Trojan.Win32.Delftie.azqn Checkin (trojan.rules)
2801678 - ETPRO TROJAN Backdoor.Win32.Nefkyt.A Checkin (trojan.rules)
2801860 - ETPRO TROJAN Rogue AV AntimalwareDoctor.B Checkin (trojan.rules)
2801882 - ETPRO TROJAN Win32.AutoRun.cedq Checkin (trojan.rules)
2801915 - ETPRO TROJAN Ncom Rootkit Failed Login (trojan.rules)
2801916 - ETPRO TROJAN NCom Rootkit Login (Default PW) (trojan.rules)
2801924 - ETPRO TROJAN Trojan.Win32.Alipime.DUK Checkin 1 (trojan.rules)
2801925 - ETPRO TROJAN Trojan.Win32.Alipime.DUK Checkin 2 (trojan.rules)
2801926 - ETPRO TROJAN Trojan.Win32.Bancos.OBQ Checkin 2 (trojan.rules)
2801948 - ETPRO TROJAN PC Total Defender or related Fake AV Checkin (trojan.rules)
2801955 - ETPRO TROJAN Backdoor.Win32.SlyBot.A Checkin (trojan.rules)
2801956 - ETPRO TROJAN Backdoor.Win32.Mooplids.A Checkin (trojan.rules)
2801958 - ETPRO TROJAN Backdoor.Win32.Sajdela.A Checkin (trojan.rules)
2801963 - ETPRO TROJAN Backdoor.Win32.ProcSpy.B Checkin (trojan.rules)
2801966 - ETPRO TROJAN Trojan.Win32.Agent.btm Checkin (trojan.rules)
2801984 - ETPRO TROJAN Known Redirect Cookie set to Exploit Pack 2 (trojan.rules)

[---] Removed rules: [---]
2829829 - ETPRO TROJAN KovCoreG DNS Lookup (trojan.rules)
2829830 - ETPRO TROJAN KovCoreG DNS Lookup (trojan.rules)
2829831 - ETPRO TROJAN KovCoreG Malicious SSL Certificate Detected (trojan.rules)
2829832 - ETPRO TROJAN KovCoreG Malicious SSL Certificate Detected (trojan.rules)
2829833 - ETPRO TROJAN KovCoreG Domain Observed in SNI (trojan.rules)
2829834 - ETPRO TROJAN KovCoreG Domain Observed in SNI (trojan.rules)