Daily Ruleset Update Summary
Daily Ruleset Update Summary 2018/03/06

[***]            Summary:            [***]

2 new Open, 18 new Pro (2 + 16). Flawed Grace, JScript Over SMB, Various Mobile, Various Phishing.

Try the new feedback tool: https://feedback.emergingthreats.net/feedback

Thanks: @Certego_IRT

[+++]          Added rules:          [+++]

Open:

2025408 - ET TROJAN Win32/Flawed Grace Backdoor CnC Checkin (trojan.rules)
2025409 - ET CURRENT_EVENTS CERTEGO Possible JScript Coming Over SMB v2 (current_events.rules)

Pro:

2829890 - ETPRO TROJAN AZORult Variant.3 Checkin M1 (trojan.rules)
2829891 - ETPRO TROJAN PLEAD TScookie CnC Checkin (trojan.rules)
2829892 - ETPRO TROJAN NSIS/CoinMiner.Downloader onion DNS Lookup (trojan.rules)
2829893 - ETPRO TROJAN Win32/GandCrab Ransomware CnC Activity M2 (trojan.rules)
2829894 - ETPRO TROJAN Win32/GandCrab Ransomware External IP Check M3 (trojan.rules)
2829895 - ETPRO CURRENT_EVENTS Successful Santander Phish 2018-03-06 M1 (current_events.rules)
2829896 - ETPRO CURRENT_EVENTS Successful Santander Phish 2018-03-06 M2 (current_events.rules)
2829897 - ETPRO CURRENT_EVENTS Successful Santander Phish 2018-03-06 M3 (current_events.rules)
2829898 - ETPRO TROJAN Malicious EnergyMech USER Command (trojan.rules)
2829899 - ETPRO MOBILE_MALWARE SMS-Flooder.AndroidOS.Agent.l CnC Beacon (mobile_malware.rules)
2829900 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 298 (mobile_malware.rules)
2829901 - ETPRO TROJAN SSL/TLS Certificate Observed (Meterpreter) (trojan.rules)
2829902 - ETPRO MALWARE PUA/PUP Searchjstg Adware Checkin (malware.rules)
2829903 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-06 1) (trojan.rules)
2829904 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-06 2) (trojan.rules)
2829905 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-06 3) (trojan.rules)

[///]     Modified active rules:     [///]

2016764 - ET CURRENT_EVENTS GrandSoft PDF Payload Download (current_events.rules)
2021503 - ET TROJAN Java/QRat Checkin (trojan.rules)
2021504 - ET TROJAN Java/QRat Receiving Command 1 (trojan.rules)
2021505 - ET TROJAN Java/QRat Receiving No Commands (trojan.rules)
2021889 - ET TROJAN Java/QRat Retrieving PE (trojan.rules)
2025391 - ET TROJAN [PTsecurity] QRat.Java.RAT (state_alive) (trojan.rules)
2025392 - ET TROJAN QRat.Java.RAT Checkin Response (trojan.rules)
2025393 - ET TROJAN QRat.Java.RAT Post-Checkin Request (trojan.rules)

[---]         Removed rules:         [---]

2829851 - ETPRO TROJAN Win32/Flawed Grace Backdoor CnC Checkin (trojan.rules)

Date:
Summary title:
2 new Open, 18 new Pro (2 + 16). Flawed Grace, JScript Over SMB, Various Mobile, Various Phishing.