Daily Ruleset Update Summary 2018/03/21

[***]            Summary:            [***]

1 new Open, 10 new Pro (1 + 9). Grandsoft EK Payload, W32/Pedido.BR, Various Mobile.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2025437 - ET CURRENT_EVENTS [PTsecurity] Grandsoft EK Payload (current_events.rules)

Pro:

2830078 - ETPRO POLICY Android Bitcoin Wallet CnC Beacon (policy.rules)
2830079 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.nv CnC Beacon (mobile_malware.rules)
2830080 - ETPRO TROJAN Ars Stealer CnC Checkin M2 (trojan.rules)
2830081 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-21 1) (trojan.rules)
2830082 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-21 2) (trojan.rules)
2830083 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-21 3) (trojan.rules)
2830084 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-21 4) (trojan.rules)
2830085 - ETPRO TROJAN W32/Pedido.BR Dropper Checkin (trojan.rules)
2830086 - ETPRO POLICY Observed External IP Address Lookup Domain (www.myip .com) (policy.rules)

[///]     Modified active rules:     [///]

2012513 - ET TROJAN Hiloti loader installed successfully request (trojan.rules)
2019376 - ET CURRENT_EVENTS Napolar / Shifu SSL Cert Oct 9 2014 (current_events.rules)
2023229 - ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site (web_server.rules)
2821692 - ETPRO TROJAN ZeusPOS Payload M2 (trojan.rules)
2829693 - ETPRO TROJAN SocEng DNS Lookup (trojan.rules)
2829694 - ETPRO TROJAN SocEng Domain in SNI (trojan.rules)
2829695 - ETPRO TROJAN SocEng Malicious SSL Certificate Detected (trojan.rules)
2830057 - ETPRO POLICY External IP Lookup Domain (wsgeoip .pdfsam .org) (policy.rules)

Date: Wednesday, March 21, 2018 - 00:00