Daily Ruleset Update Summary 2018/05/14

[***]            Summary:            [***]

27 new Pro. Various MalDocs, Various Mobile.

[+++]          Added rules:          [+++]

2830821 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 327 (mobile_malware.rules)
2830822 - ETPRO CURRENT_EVENTS Observed MalDoc Retrieving EXE Payload 2018-05-14 (current_events.rules)
2830823 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 328 (mobile_malware.rules)
2830824 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-14) (current_events.rules)
2830825 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 329 (mobile_malware.rules)
2830826 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 330 (mobile_malware.rules)
2830827 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 331 (mobile_malware.rules)
2830828 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 332 (mobile_malware.rules)
2830829 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/Bancos Variant CnC) (trojan.rules)
2830830 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 1) (trojan.rules)
2830831 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 2) (trojan.rules)
2830832 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 3) (trojan.rules)
2830833 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 4) (trojan.rules)
2830834 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 5) (trojan.rules)
2830835 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 6) (trojan.rules)
2830836 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 7) (trojan.rules)
2830837 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 8) (trojan.rules)
2830838 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 9) (trojan.rules)
2830839 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 10) (trojan.rules)
2830840 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 11) (trojan.rules)
2830841 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 12) (trojan.rules)
2830842 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 13) (trojan.rules)
2830843 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 14) (trojan.rules)
2830844 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 15) (trojan.rules)
2830845 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-14 16) (trojan.rules)
2830846 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 333 (mobile_malware.rules)
2830847 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 334 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2822298 - ETPRO TROJAN iSpy/HawkSpy/HawkEye Keylogger PWS Exfil via HTTP (trojan.rules)

[---]         Disabled rules:        [---]

2013900 - ET TROJAN W32/Yaq Checkin (trojan.rules)
2013902 - ET TROJAN Win32.BlackControl Retrieving IP Information (trojan.rules)
2013903 - ET TROJAN Suspicious User Agent GetFile (trojan.rules)
2013904 - ET TROJAN W32/Rimecud User Agent beat (trojan.rules)
2013905 - ET TROJAN Suspicious User Agent banderas (trojan.rules)
2013912 - ET TROJAN P2P Zeus Response From CnC (trojan.rules)
2013935 - ET TROJAN Win32.Zbot.chas/Unruy.H Covert DNS CnC Channel TXT Response (trojan.rules)
2013948 - ET TROJAN PWS.TIBIA Checkin or Data Post (trojan.rules)
2013949 - ET TROJAN PWS.TIBIA Checkin or Data Post 2 (trojan.rules)
2013951 - ET TROJAN Win32/Rimecud.A User-Agent (needit) (trojan.rules)
2013952 - ET TROJAN TR/Rimecud.aksa User-Agent (indy) (trojan.rules)
2013953 - ET TROJAN Win32/Rimecud.A User-Agent (counters) (trojan.rules)
2013954 - ET TROJAN Win32/Rimecud.A User-Agent (giftz) (trojan.rules)
2013963 - ET TROJAN Win32.Sality User-Agent (Internet Explorer 5.01) (trojan.rules)
2013977 - ET TROJAN TDSS DNS Based Internet Connectivity Check (trojan.rules)
2013998 - ET TROJAN W32/Jorik DDOS Instructions From CnC Server (trojan.rules)
2014014 - ET TROJAN Zeus Checkin Header Pattern (trojan.rules)
2014028 - ET TROJAN Likely CryptMEN FakeAV Download vclean (trojan.rules)
2014029 - ET TROJAN Agent.UGP!tr/Cryptor/Graftor Dropper Requesting exe (trojan.rules)
2014040 - ET TROJAN Win32.PowerPointer checkin (trojan.rules)
2014044 - ET TROJAN SpyEye Checkin version 1.3.25 or later 2 (trojan.rules)
2014055 - ET TROJAN Win32/Hilgild!gen.A CnC Communication (trojan.rules)
2014066 - ET TROJAN Trojan-Clicker.Win32.VB.gnf Reporting (trojan.rules)
2014084 - ET TROJAN TROJAN Win32.OnlineGames.Bft Reporting (trojan.rules)
2014093 - ET TROJAN Downloader.Win32.Nurech Checkin UA (trojan.rules)
2014099 - ET TROJAN Exploit Kit Delivering Office File to Client (trojan.rules)
2014105 - ET TROJAN Zeus Bot GET to Google checking Internet connectivity using proxy (trojan.rules)
2014107 - ET TROJAN Zeus POST Request to CnC - cookie variation (trojan.rules)
2014114 - ET TROJAN Delf/Troxen/Zema Reporting 1 (trojan.rules)
2014115 - ET TROJAN Delf/Troxen/Zema Reporting 2 (trojan.rules)
2014146 - ET TROJAN Win32/Spy.Banker Reporting Via SMTP (trojan.rules)
2014150 - ET TROJAN Suspicious executable download possible Trojan NgrBot (trojan.rules)
2014152 - ET TROJAN Gozi Checkin to CnC (trojan.rules)
2014172 - ET TROJAN TROJAN ClickCounter Connectivity Check (trojan.rules)
2014200 - ET TROJAN Dapato/Cleaman Checkin (trojan.rules)
2014208 - ET TROJAN TLD4 Purple Haze Variant Initial CnC Request for Ad Servers (trojan.rules)
2014216 - ET TROJAN Delf/Troxen/Zema controller responding to client (trojan.rules)
2014217 - ET TROJAN Delf/Troxen/Zema controller delivering clickfraud instructions (trojan.rules)
2014219 - ET TROJAN TSPY_SPCESEND.A Checkin (trojan.rules)
2014222 - ET TROJAN QDIGIT Trojan Protocol detected (trojan.rules)
2014223 - ET TROJAN UPDATE Protocol Trojan Communication detected on http ports (trojan.rules)
2014224 - ET TROJAN UPDATE Protocol Trojan Communication detected on non-http ports (trojan.rules)
2014229 - ET TROJAN NfLog Checkin (trojan.rules)
2014230 - ET TROJAN Karagany/Kazy Obfuscated Payload Download (trojan.rules)
2014247 - ET TROJAN Sefnit Checkin 4 (trojan.rules)
2014248 - ET TROJAN Sefnit Checkin 5 (trojan.rules)
2014263 - ET TROJAN W32/Pasta.IK Checkin (trojan.rules)
2014266 - ET TROJAN Trojan.Win32.NfLog Checkin (TTip) (trojan.rules)
2014300 - ET TROJAN Win32/Kryptik.ABUD Checkin (trojan.rules)
2014307 - ET TROJAN W32/SelfStarterInternet.InfoStealer Checkin (trojan.rules)
2014309 - ET TROJAN W32/LockScreen Scareware Geolocation Request (trojan.rules)
2014347 - ET TROJAN Peed Checkin (trojan.rules)
2014356 - ET TROJAN W32/ProxyChanger.InfoStealer Checkin (trojan.rules)
2014357 - ET TROJAN W32/Kazy Checkin (trojan.rules)
2014358 - ET TROJAN Backdoor.Win32.Riern.K Checkin Off Port (trojan.rules)
2014361 - ET TROJAN Win32/Protux.B Download Update (trojan.rules)
2014364 - ET TROJAN W32.Blocker Checkin (trojan.rules)
2014387 - ET TROJAN Generic Dropper User-Agent (XXXwww) (trojan.rules)
2014399 - ET TROJAN Trojan-Spy.Win32.Zbot.djrm Checkin (trojan.rules)
2014405 - ET TROJAN Cridex.B/Feodo Checkin (trojan.rules)
2014428 - ET TROJAN SpyEye Checkin version 1.3.25 or later 3 (trojan.rules)
2014437 - ET TROJAN FakeAV Landing Page - Initializing Protection System (trojan.rules)
2014464 - ET TROJAN DwnLdr-JMZ Downloading Binary (trojan.rules)
2014465 - ET TROJAN DwnLdr-JMZ Downloading Binary 2 (trojan.rules)
2014467 - ET TROJAN Win32.Datamaikon Checkin NewAgent (trojan.rules)
2015653 - ET TROJAN Rogue.Win32/Winwebsec Install (trojan.rules)
2016907 - ET TROJAN Trojan-Spy.Win32.Agent.byhm User-Agent (EMSCBVDFRT) (trojan.rules)
2804001 - ETPRO TROJAN Win32/TrojanDownloader.Delf.QUT Checkin (trojan.rules)
2804011 - ETPRO TROJAN Kazy.41153 Checkin (trojan.rules)
2804015 - ETPRO TROJAN HackTool.Win32.Kiser.aqa INSTALL (trojan.rules)
2804032 - ETPRO TROJAN Win32/Bancos.DV Reporting via SMTP 3 (trojan.rules)
2804047 - ETPRO TROJAN Win32/Ldpinch Checkin (trojan.rules)
2804070 - ETPRO TROJAN Trojan-Banker.Win32.Banbra.amvh Checkin (trojan.rules)
2804126 - ETPRO TROJAN TrojanSpy.Win32/Bancos.ADR Checkin (trojan.rules)
2804214 - ETPRO TROJAN Trojan.Win32.Inject.cdbt Checkin (trojan.rules)
2804223 - ETPRO TROJAN Win32/Nuwar.gen!lds Checkin (trojan.rules)
2804255 - ETPRO TROJAN Backdoor.Win32/Jukbot.B Checkin (trojan.rules)
2804432 - ETPRO TROJAN Trojan-PSW.Win32.QQShou.aqr Checkin (trojan.rules)
2804443 - ETPRO TROJAN Win32/Banload.gen!B Checkin (trojan.rules)
2804457 - ETPRO TROJAN TrojanSpy.Win32/Bancos.gen!A sending info via smtp (trojan.rules)
2804474 - ETPRO TROJAN Win32/Spy.Banker.XBV Checkin (trojan.rules)
2804543 - ETPRO TROJAN Backdoor.Win32.Hupigon Checkin (trojan.rules)
2804577 - ETPRO TROJAN TrojanDownloader.Win32/Waledac.C Checkin (trojan.rules)
2804610 - ETPRO TROJAN Trojan.Win32.Chifrax.dgn Checkin (trojan.rules)
2804632 - ETPRO TROJAN Proxy.Win32.Agent.bvy Checkin (trojan.rules)
2804717 - ETPRO TROJAN Backdoor.Win32.Koutodoor.aihc Checkin (trojan.rules)
2804738 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.afwq Checkin (trojan.rules)

Date: Monday, May 14, 2018 - 00:00