Daily Ruleset Update Summary 2018/05/07

[***]            Summary:            [***]

2 new Open, 27 new Pro (2 + 25). MarbleCoin Wallet, BKransomware, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2025559 - ET TROJAN BKransomware Domain (3whyfziey2vr41yq in DNS Lookup) (trojan.rules)
2025560 - ET INFO Observed DNS Query to .myq-see .com DDNS Domain (info.rules)

Pro:

2830706 - ETPRO POLICY MarbleCoin Wallet Joining IRC for P2P Seeding (policy.rules)
2830707 - ETPRO POLICY MarbleCoin Wallet sharing updates via P2P (policy.rules)
2830708 - ETPRO POLICY Cryptocurrency Wallet Joining IRC for P2P Seeding (policy.rules)
2830709 - ETPRO MOBILE_MALWARE Android/Agent.ATG Sending Sensitive Information to CnC (mobile_malware.rules)
2830710 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 38 (mobile_malware.rules)
2830711 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 1) (trojan.rules)
2830712 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 2) (trojan.rules)
2830713 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 3) (trojan.rules)
2830714 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 4) (trojan.rules)
2830715 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 5) (trojan.rules)
2830716 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 6) (trojan.rules)
2830717 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 7) (trojan.rules)
2830718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 8) (trojan.rules)
2830719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 9) (trojan.rules)
2830720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 10) (trojan.rules)
2830721 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 11) (trojan.rules)
2830722 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 12) (trojan.rules)
2830723 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 13) (trojan.rules)
2830724 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 14) (trojan.rules)
2830725 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 15) (trojan.rules)
2830726 - ETPRO CURRENT_EVENTS Successful Skype Phish Oct 23 2017 (current_events.rules)
2830727 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Wifle.A CallLog/SMS Exfil (mobile_malware.rules)
2830728 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Wifle.A CnC Beacon (mobile_malware.rules)
2830729 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Wifle.A CnC Beacon 2 (mobile_malware.rules)
2830730 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2018-05-07 (current_events.rules)

[///]     Modified active rules:     [///]

2815395 - ETPRO TROJAN Linux/Fysbis or Sofacy/CHOPSTICK CnC Beacon M2 (trojan.rules)
2829688 - ETPRO TROJAN Kovter Malicious SSL Certificate Detected (trojan.rules)
2829821 - ETPRO TROJAN Panda.Banker Malicious SSL Certificate Detected (trojan.rules)
2829959 - ETPRO TROJAN StrongPity APT SSL Certificate Detected (trojan.rules)
2830009 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC) (trojan.rules)
2830310 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC) (trojan.rules)

[---]         Removed rules:         [---]

2022960 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Ixeshe CnC) (trojan.rules)
2812778 - ETPRO CURRENT_EVENTS Hunter EK/Metasploit Firefox payload M2 (current_events.rules)

Date: Monday, May 7, 2018 - 00:00