Daily Ruleset Update Summary 2018/04/02

[***]            Summary:            [***]

3 new Open, 21 new Pro (3 + 18). GandCrab, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2025452 - ET TROJAN Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup) (trojan.rules)
2025453 - ET TROJAN Observed GandCrab Ransomware Domain (zonealarm .bit in DNS Lookup) (trojan.rules)
2025454 - ET TROJAN Observed GandCrab Ransomware Domain (chlenaverasiskihe .sex in DNS Lookup) (trojan.rules)

Pro:

2830212 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M3 (trojan.rules)
2830213 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 308 (mobile_malware.rules)
2830214 - ETPRO TROJAN Win32/1ms0rry Stealer Variant Checkin (trojan.rules)
2830215 - ETPRO CURRENT_EVENTS Successful MWeb Phish 2018-04-02 (current_events.rules)
2830216 - ETPRO CURRENT_EVENTS Successful Generic Window.Location Phish 2018-04-02 (current_events.rules)
2830217 - ETPRO CURRENT_EVENTS Successful HMRC Phish 2018-04-02 (current_events.rules)
2830218 - ETPRO CURRENT_EVENTS Successful ICS Phish 2018-04-02 (current_events.rules)
2830219 - ETPRO CURRENT_EVENTS Successful American Express Phish 2018-04-02 (current_events.rules)
2830220 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-04-02 (current_events.rules)
2830221 - ETPRO MOBILE_MALWARE Android/Spy.Agent.KK SMS/Contact Exfil via SMTP (mobile_malware.rules)
2830222 - ETPRO MOBILE_MALWARE Android/Spy.Agent.KK SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2830223 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 27 (mobile_malware.rules)
2830224 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 28 (mobile_malware.rules)
2830225 - ETPRO MOBILE_MALWARE Android/Spy.Agent.LL c SMS/Contact Exfil via SMTP (mobile_malware.rules)
2830226 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-02 1) (trojan.rules)
2830227 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-02 2) (trojan.rules)
2830228 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-02 3) (trojan.rules)
2830229 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-02 4) (trojan.rules)

[///]     Modified active rules:     [///]

2025446 - ET POLICY DNS Query to .onion proxy Domain (onion. sx) (policy.rules)
2025451 - ET POLICY Monero Mining Pool DNS Lookup (policy.rules)
2829893 - ETPRO TROJAN Win32/GandCrab Ransomware CnC Activity M2 (trojan.rules)

[---]         Removed rules:         [---]

2830205 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-29 4) (trojan.rules)

Date: Monday, April 2, 2018 - 00:00