[***]            Summary:            [***]

1 new Open, 30 new Pro (1 + 29). Win32/Phorpiex, Win32/Brambul, Win32.DanaBot, Various Phish, Mobile.

[+++]          Added rules:          [+++]

Open:

2025587 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-05-31 (current_events.rules)

Pro:

2831089 - ETPRO TROJAN Win32/Phorpiex Bot Checkin (via HTTP) (trojan.rules)
2831090 - ETPRO TROJAN Win32/Brambul Style SMB Scanning (trojan.rules)
2831091 - ETPRO TROJAN Ursnif Inject Domain (swiesa .com in TLS SNI) (trojan.rules)
2831092 - ETPRO TROJAN Ursnif Inject Domain (oncofonderot .top in TLS SNI) (trojan.rules)
2831093 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC Domain) (trojan.rules)
2831094 - ETPRO TROJAN Win32/Occamy.C Checkin (trojan.rules)
2831095 - ETPRO TROJAN Remcos RAT Checkin 19 (trojan.rules)
2831096 - ETPRO TROJAN Win32.DanaBot HTTP Checkin M3 (trojan.rules)
2831097 - ETPRO TROJAN Win32.DanaBot HTTP Checkin M2 (trojan.rules)
2831098 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.WitchCat CnC Beacon (mobile_malware.rules)
2831099 - ETPRO TROJAN Win32.DanaBot HTTP Checkin M4 (trojan.rules)
2831100 - ETPRO TROJAN Win32.DanaBot HTTP Checkin M5 (trojan.rules)
2831101 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 356 (mobile_malware.rules)
2831102 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 357 (mobile_malware.rules)
2831103 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-31 1) (trojan.rules)
2831104 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-31 2) (trojan.rules)
2831105 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-31 3) (trojan.rules)
2831106 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-31 4) (trojan.rules)
2831107 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-31 5) (trojan.rules)
2831108 - ETPRO CURRENT_EVENTS Successful American Express Phish M1 2018-05-31 (current_events.rules)
2831109 - ETPRO CURRENT_EVENTS Successful American Express Phish M2 2018-05-31 (current_events.rules)
2831110 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group DL) (trojan.rules)
2831111 - ETPRO CURRENT_EVENTS Successful American Express Phish M3 2018-05-31 (current_events.rules)
2831112 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-31) (current_events.rules)
2831113 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-31 2) (current_events.rules)
2831114 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-31 3) (current_events.rules)
2831115 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-31 4) (current_events.rules)
2831116 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-31 5) (current_events.rules)
2831117 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-05-31 (current_events.rules)

[///]     Modified active rules:     [///]

2021441 - ET TROJAN KeyBase Keylogger Uploading Screenshots (trojan.rules)
2803757 - ETPRO TROJAN Win32.DanaBot HTTP Checkin (trojan.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
2830756 - ETPRO TROJAN Win32.DanaBot Starting VNC Module (trojan.rules)
2830765 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon (mobile_malware.rules)
2830786 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 9 (mobile_malware.rules)
2830854 - ETPRO MOBILE_MALWARE Trojan.Android.Click.efpwxg Checkin (mobile_malware.rules)
2830864 - ETPRO MOBILE_MALWARE Android/HiddenApp.GH Checkin (mobile_malware.rules)
2830868 - ETPRO MOBILE_MALWARE Android/Monitor.SpyHuman Checkin (mobile_malware.rules)
2830870 - ETPRO MOBILE_MALWARE Android-Trojan/Downloader.907ce CnC Beacon (mobile_malware.rules)
2830873 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AMH Checkin (mobile_malware.rules)
2830889 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw/SlemBunk/SLocker SMS Exfil (mobile_malware.rules)
2830939 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Agent.cr Checkin (mobile_malware.rules)
2830967 - ETPRO MOBILE_MALWARE Android-PUP/Gallm.22d58 Checkin (mobile_malware.rules)
2830996 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.pf CnC Beacon (mobile_malware.rules)
2831000 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab Checkin (mobile_malware.rules)
2831001 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab Checkin 2 (mobile_malware.rules)
2831002 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab Checkin 3 (mobile_malware.rules)
2831037 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 1 (mobile_malware.rules)
2831038 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 2 (mobile_malware.rules)
2831039 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 3 (mobile_malware.rules)
2831040 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 4 (mobile_malware.rules)
2831041 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 5 (mobile_malware.rules)
2831042 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 6 (mobile_malware.rules)
2831043 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 7 (mobile_malware.rules)
2831050 - ETPRO TROJAN QuadAgent CnC Domain (rdppath .com in TLS SNI) (trojan.rules)
2831055 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.bf Checkin (mobile_malware.rules)

Date: Wednesday, May 30, 2018 - 22:00