Daily Ruleset Update Summary 2018/04/23

[***]            Summary:            [***]

1 new Open, 19 new Pro (1 + 18). W32/Nymaim, MSIL/NewWave Miner, Various Phishing, Various Mobile.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2025530 - ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2 (trojan.rules)

Pro:

2830511 - ETPRO TROJAN W32/Nymaim Checkin 9 (trojan.rules)
2830512 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven File Exfil (mobile_malware.rules)
2830513 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven Device Info Exfil (mobile_malware.rules)
2830514 - ETPRO TROJAN MSIL/NewWave Miner Config Inbound (trojan.rules)
2830515 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven Location Exfil (mobile_malware.rules)
2830516 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven SMS Exfil (mobile_malware.rules)
2830517 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven CnC Beacon (mobile_malware.rules)
2830518 - ETPRO TROJAN Win32/StressPaint CnC Domain in SNI (down .adeoalennvasc243822 .online) (trojan.rules)
2830519 - ETPRO TROJAN Win32/StressPaint CnC Domain in SNI (api .adeoalennvasc243822 .online) (trojan.rules)
2830520 - ETPRO TROJAN MSIL/TBR Screenshot Upload (trojan.rules)
2830521 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-04-23 (current_events.rules)
2830522 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-23 1) (trojan.rules)
2830523 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-23 2) (trojan.rules)
2830524 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-23 3) (trojan.rules)
2830525 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-23 4) (trojan.rules)
2830526 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-23 5) (trojan.rules)
2830527 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-23 6) (trojan.rules)
2830528 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-23 7) (trojan.rules)

[///]     Modified active rules:     [///]

2025429 - ET TROJAN Arkei Stealer IP Lookup (trojan.rules)
2025430 - ET TROJAN Arkei Stealer Config Download Request (trojan.rules)
2025431 - ET TROJAN Arkei Stealer Client Data Upload (trojan.rules)
2827600 - ETPRO TROJAN Koadic Loader HTA Downloaded (trojan.rules)
2828509 - ETPRO TROJAN Koadic Backdoor CnC Beacon (trojan.rules)
2828510 - ETPRO TROJAN Koadic Backdoor Receiving Payload (trojan.rules)
2829936 - ETPRO TROJAN Win32/Grobios CnC Checkin (trojan.rules)
2829937 - ETPRO TROJAN Win32/QQWare.AA Stealer Checkin (trojan.rules)
2829938 - ETPRO TROJAN Win32/QQWare.AA Stealer Checkin M2 (trojan.rules)
2829939 - ETPRO TROJAN MSIL/JanHof RAT Checkin 1 (trojan.rules)
2829940 - ETPRO TROJAN MSIL/JanHof RAT Checkin 2 (trojan.rules)

[---]         Removed rules:         [---]

2016193 - ET CURRENT_EVENTS DRIVEBY Unknown - Landing Page Requested - /?Digit (current_events.rules)

Date: 
Monday, April 23, 2018 - 00:00