Daily Ruleset Update Summary 2018/04/09

[***]            Summary:            [***]

10 new Open, 35 new Pro (10 + 25). Bateleur CnC, Win32/Agent.SRX Checkin Response, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025473 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-04-09 (current_events.rules)
2025474 - ET CURRENT_EVENTS DHL Phishing Landing 2018-04-09 (current_events.rules)
2025475 - ET CURRENT_EVENTS Chase Phishing Landing 2018-04-09 (current_events.rules)
2025476 - ET CURRENT_EVENTS Docusign Phishing Landing 2018-04-09 (current_events.rules)
2025477 - ET CURRENT_EVENTS s0m3 Phishing Landing 2018-04-09 (current_events.rules)
2025478 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-04-09 (current_events.rules)
2025479 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-04-09 (current_events.rules)
2025480 - ET CURRENT_EVENTS OneDrive Phishing Landing 2018-04-09 (current_events.rules)
2025481 - ET CURRENT_EVENTS Apple Phishing Landing 2018-04-09 (current_events.rules)
2025482 - ET CURRENT_EVENTS Post.ch Cloned Phishing Landing 2018-04-09 (current_events.rules)

Pro:

2830300 - ETPRO TROJAN Win32/Agent.SRX Checkin Response (trojan.rules)
2830301 - ETPRO USER_AGENTS DriverUpdate PUA User-Agent (SupportNumber) (user_agents.rules)
2830302 - ETPRO USER_AGENTS DriverUpdate PUA User-Agent (SlimDrivers) (user_agents.rules)
2830303 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.w Checkin (mobile_malware.rules)
2830304 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.w Checkin 2 (mobile_malware.rules)
2830305 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.PN Checkin (mobile_malware.rules)
2830306 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.PN CnC Beacon (mobile_malware.rules)
2830307 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dm Checkin 2 (mobile_malware.rules)
2830308 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dm Checkin 3 (mobile_malware.rules)
2830309 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 16 (mobile_malware.rules)
2830310 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC) (trojan.rules)
2830311 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 17 (mobile_malware.rules)
2830312 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 312 (mobile_malware.rules)
2830313 - ETPRO TROJAN MSIL/DarkSky Checkin M2 (trojan.rules)
2830314 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2018-04-09 M1 (current_events.rules)
2830315 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2018-04-09 M2 (current_events.rules)
2830316 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2018-04-09 M3 (current_events.rules)
2830317 - ETPRO TROJAN Unknown Trojan CnC (trojan.rules)
2830318 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-09 1) (trojan.rules)
2830319 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-09 2) (trojan.rules)
2830320 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-09 3) (trojan.rules)
2830321 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-09 4) (trojan.rules)
2830322 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-09 5) (trojan.rules)
2830323 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-09 6) (trojan.rules)
2830324 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-09 7) (trojan.rules)

[///]     Modified active rules:     [///]

2007616 - ET USER_AGENTS klm123.com Spyware User Agent (user_agents.rules)
2025400 - ET USER_AGENTS APN/Ask Toolbar PUA/PUP User-Agent (user_agents.rules)
2804967 - ETPRO TROJAN Win32/Bancos.AEW Checkin (trojan.rules)
2828533 - ETPRO TROJAN W32.Gorno/n0f1l3 Stealer Checkin (trojan.rules)
2829261 - ETPRO TROJAN MSIL/DarkSky CnC Checkin (trojan.rules)
2830111 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ALE / ArmedRocket Checkin (mobile_malware.rules)
2830271 - ETPRO TROJAN Win32/Rarog CnC Connectivity Check (trojan.rules)

Date: Monday, April 9, 2018 - 00:00