Daily Ruleset Update Summary 2018/04/19

[***]            Summary:            [***]

4 new Open, 24 new Pro (4 + 20). Win32/TrojanDropper.Agent.RTR, Win32/SocStealer!rfn, Various Phishing, Various Mobile.

Thanks: @bjornruberg

[+++]          Added rules:          [+++]

Open:

2025515 - ET CURRENT_EVENTS PDF Cloud Phishing Landing 2018-04-19 (current_events.rules)
2025516 - ET CURRENT_EVENTS Bank of America Phishing Landing 2018-04-19 (current_events.rules)
2025517 - ET CURRENT_EVENTS Dropbox 000webhost Phishing Landing 2018-04-19 (current_events.rules)
2025518 - ET POLICY Vulnerable Java Version 10.0.x Detected (policy.rules)

Pro:

2830472 - ETPRO MOBILE_MALWARE Android/Iop.DL Variant Requesting Payloads (mobile_malware.rules)
2830473 - ETPRO MALWARE MSIL/Adware.Clicker.1.Gen CnC Checkin (malware.rules)
2830474 - ETPRO TROJAN Win32/TrojanDropper.Agent.RTR CnC Checkin (trojan.rules)
2830475 - ETPRO CURRENT_EVENTS Likely Evil VBS Download to Retrieve and Execute Coin Miner (current_events.rules)
2830476 - ETPRO MOBILE_MALWARE Android/Agent.AGK CnC Checkin (mobile_malware.rules)
2830477 - ETPRO TROJAN Win32/SocStealer!rfn Checkin M1 (trojan.rules)
2830478 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-19 1) (trojan.rules)
2830479 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-19 2) (trojan.rules)
2830480 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-19 3) (trojan.rules)
2830481 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-19 4) (trojan.rules)
2830482 - ETPRO TROJAN MSIL/Kryptik.EPT CnC Checkin (trojan.rules)
2830483 - ETPRO TROJAN Observed Malicious User-Agent (WinInetGet/) (trojan.rules)
2830484 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-04-19 (current_events.rules)
2830485 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2018-04-19 (current_events.rules)
2830486 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-04-19 (current_events.rules)
2830487 - ETPRO CURRENT_EVENTS Successful Email Verification Phish 2018-04-19 (current_events.rules)
2830488 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2018-04-19 (current_events.rules)
2830489 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-04-19 Domain (ticketsmaster .win in TLS SNI) (current_events.rules)
2830490 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 36 (mobile_malware.rules)
2830491 - ETPRO MOBILE_MALWARE Android.Monitor.MobileSpy.P Reporting via SMTP (mobile_malware.rules)

[///]     Modified active rules:     [///]

2011581 - ET POLICY Vulnerable Java Version 1.5.x Detected (policy.rules)
2011584 - ET POLICY Vulnerable Java Version 1.4.x Detected (policy.rules)
2016539 - ET CURRENT_EVENTS Java Download non Jar file (current_events.rules)
2025314 - ET POLICY Vulnerable Java Version 9.0.x Detected (policy.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
2827384 - ETPRO CURRENT_EVENTS Possible Successful Generic Multi Step Phish Aug 03 2017 (current_events.rules)
2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)

[---]         Removed rules:         [---]

2023187 - ET CURRENT_EVENTS Evil Redirector Leading to EK Sep 12 2016 (current_events.rules)

Date: Thursday, April 19, 2018 - 00:00