Daily Ruleset Update Summary 2018/05/01

[***]            Summary:            [***]

4 new Open, 26 new Pro (4 + 22). Java/QRat, W32/ExtenBro.EL, sLoad, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025549 - ET CURRENT_EVENTS Bank of America Phishing Landing 2018-05-01 (current_events.rules)
2025550 - ET CURRENT_EVENTS OneDrive Phishing Landing 2018-05-01 (current_events.rules)
2025551 - ET CURRENT_EVENTS Docusign Phishing Landing 2018-05-01 (current_events.rules)
2025552 - ET TROJAN Java/QRat Variant Checkin (trojan.rules)

Pro:

2830624 - ETPRO MALWARE MSIL/DotDo.Adware CnC Checkin (malware.rules)
2830625 - ETPRO TROJAN W32/ExtenBro.EL CnC Checkin (trojan.rules)
2830626 - ETPRO CURRENT_EVENTS GreenFlash / Sundown EK Fake GIF Inbound (current_events.rules)
2830627 - ETPRO TROJAN Unknown Stealer Checkin M1 2018-05-01 (trojan.rules)
2830628 - ETPRO TROJAN Unknown Stealer Checkin M2 2018-05-01 (trojan.rules)
2830629 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC) (trojan.rules)
2830630 - ETPRO MALWARE Win32/Atshz.A Checkin (malware.rules)
2830631 - ETPRO MALWARE Win32/Atshz.A Checkin M2 (malware.rules)
2830632 - ETPRO TROJAN sLoad CnC Checkin (trojan.rules)
2830633 - ETPRO TROJAN sLoad CnC Checkin M2 (trojan.rules)
2830634 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M4 (trojan.rules)
2830635 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-01) (current_events.rules)
2830636 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-05-01 (current_events.rules)
2830637 - ETPRO CURRENT_EVENTS Observed MalDoc User-Agent (AXV4G) (current_events.rules)
2830638 - ETPRO TROJAN Win32/Unk.BrowserHijacker VNC Activity (trojan.rules)
2830639 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-05-01 (current_events.rules)
2830640 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-05-01 (current_events.rules)
2830641 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish 2018-05-01 (current_events.rules)
2830642 - ETPRO CURRENT_EVENTS Successful Xfinity Phish 2018-05-01 (current_events.rules)
2830643 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-01 1) (trojan.rules)
2830644 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-01 2) (trojan.rules)
2830645 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-01 3) (trojan.rules)

[///]     Modified active rules:     [///]

2017134 - ET WEB_SERVER WebShell - Generic - GIF Header With HTML Form (web_server.rules)
2025452 - ET TROJAN Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup) (trojan.rules)
2025453 - ET TROJAN Observed GandCrab Ransomware Domain (zonealarm .bit in DNS Lookup) (trojan.rules)
2025546 - ET TROJAN Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup) (trojan.rules)
2807546 - ETPRO TROJAN DDoS.Win32/Nitol.gen!A Checkin 2 (trojan.rules)
2828859 - ETPRO CURRENT_EVENTS Possible GreenFlash SunDown EK Exploit (current_events.rules)
2829321 - ETPRO TROJAN W32/z.wll Checkin (trojan.rules)

[---]         Removed rules:         [---]

2016430 - ET TROJAN Trojan-Downloader.Win32.Agent.vhvw Checkin MINIASP (trojan.rules)
2810158 - ETPRO TROJAN Win32/Hyteod Initial CnC Beacon (trojan.rules)
2810159 - ETPRO TROJAN Win32/Hyteod Initial CnC Beacon Response (trojan.rules)
2829894 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M3 (trojan.rules)

Date: Tuesday, May 1, 2018 - 00:00