Daily Ruleset Update Summary 2018/04/17

[***]            Summary:            [***]

1 new Open, 32 new Pro (1 + 31). PY.StalkerRAT, Win32.Invader, MSIL/Eredel Stealer, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2025513 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-04-17 (current_events.rules)

Pro:

2830420 - ETPRO TROJAN RadRAT Checkin (trojan.rules)
2830421 - ETPRO TROJAN PY.StalkerRAT Checkin (trojan.rules)
2830422 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC) (trojan.rules)
2830423 - ETPRO TROJAN Observed Cobalt Group CnC Domain in TLS SNI (trojan.rules)
2830424 - ETPRO MALWARE Win32/Adware.HPDefender.D Reporting PUP Install Error (malware.rules)
2830425 - ETPRO CURRENT_EVENTS Likely Evil Certutil Retrieving EXE (current_events.rules)
2830426 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI (mobile_malware.rules)
2830427 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 2 (mobile_malware.rules)
2830428 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 3 (mobile_malware.rules)
2830429 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 4 (mobile_malware.rules)
2830430 - ETPRO TROJAN Win32.Invader Checkin M2 (regnew) (trojan.rules)
2830431 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 5 (mobile_malware.rules)
2830432 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 6 (mobile_malware.rules)
2830433 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 7 (mobile_malware.rules)
2830434 - ETPRO TROJAN Win32.Invader Checkin M3 (update) (trojan.rules)
2830435 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 8 (mobile_malware.rules)
2830436 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 9 (mobile_malware.rules)
2830437 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 10 (mobile_malware.rules)
2830438 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 11 (mobile_malware.rules)
2830439 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 12 (mobile_malware.rules)
2830440 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 13 (mobile_malware.rules)
2830441 - ETPRO MOBILE_MALWARE Android TeleRAT Domain Request in SNI 14 (mobile_malware.rules)
2830442 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-04-17 (current_events.rules)
2830443 - ETPRO MALWARE Observed Win32/Foniad Domain (suggedin .info in DNS Lookup) (malware.rules)
2830444 - ETPRO CURRENT_EVENTS Successful American Express Phish 2018-04-17 (current_events.rules)
2830445 - ETPRO TROJAN Observed MSIL/ParaWire CnC Domain (irapware .club in TLS SNI) (trojan.rules)
2830446 - ETPRO TROJAN MSIL/Eredel Stealer CnC Checkin (trojan.rules)
2830447 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-17 1) (trojan.rules)
2830448 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-17 2) (trojan.rules)
2830449 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-17 3) (trojan.rules)
2830450 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-17 4) (trojan.rules)

[///]     Modified active rules:     [///]

2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2016754 - ET POLICY Internal Host Retrieving External IP via myip.dnsomatic.com (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2830173 - ETPRO TROJAN IcedID/Emotet Certificate Observed M1 (trojan.rules)
2830405 - ETPRO TROJAN Backdoor.Win32.Volt IP Style Check (trojan.rules)
2830410 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.al Checkin (mobile_malware.rules)

Date: Tuesday, April 17, 2018 - 00:00