Daily Ruleset Update Summary 2018/04/30

[***]            Summary:            [***]

3 new Open, 20 new Pro (3 + 17). GandCrab, OfferBox Adware, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2025546 - ET TROJAN Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup) (trojan.rules)
2025547 - ET TROJAN Likely GandCrab Ransomware Domain in HTTP Host M1 (trojan.rules)
2025548 - ET TROJAN Likely GandCrab Ransomware Domain in HTTP Host M2 (trojan.rules)

Pro:

2830607 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-04-30) (current_events.rules)
2830608 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-04-30 2) (current_events.rules)
2830609 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 320 (mobile_malware.rules)
2830610 - ETPRO TROJAN W32/Banload CnC Domain in SNI (scan-x9 .gleeze .com) (trojan.rules)
2830611 - ETPRO TROJAN Observed Malicious SSL Cert (W32/Banload CnC) (trojan.rules)
2830612 - ETPRO MALWARE OfferBox Adware User-Agent Observed (OfferboxStatisticPing) (malware.rules)
2830613 - ETPRO TROJAN MSIL/Zusy Variant CnC Activity (trojan.rules)
2830614 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-30 1) (trojan.rules)
2830615 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-30 2) (trojan.rules)
2830616 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-30 3) (trojan.rules)
2830617 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-30 4) (trojan.rules)
2830618 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-30 5) (trojan.rules)
2830619 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-30 6) (trojan.rules)
2830620 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-30 7) (trojan.rules)
2830621 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-30 8) (trojan.rules)
2830622 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-30 9) (trojan.rules)
2830623 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-30 10) (trojan.rules)

[///]     Modified active rules:     [///]

2025026 - ET CURRENT_EVENTS Successful Generic Phish (set) Aug 21 2017 (current_events.rules)

[---]         Removed rules:         [---]

2012149 - ET WEB_CLIENT MS10-090 IE CSS Exploit Metasploit POC Specific Unicoded (web_client.rules)
2830598 - ETPRO TROJAN Observed Malicious SSL Cert (W32/Troldesh CnC) (trojan.rules)
2830599 - ETPRO TROJAN W32/Troldesh CnC Domain in SNI (www .bwtyz456 .com) (trojan.rules)

Date: 
Monday, April 30, 2018 - 00:00