[***]            Summary:            [***]

1 new Open, 26 new Pro (1 + 25). Win32/PredatorStealer, Aurora Ransomware, Various Mobile, Phishing.

[+++]          Added rules:          [+++]

Open:

2025919 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-07-30 (current_events.rules)

Pro:

2831993 - ETPRO CURRENT_EVENTS Possible Coin Miner Downloader Retrieving EXE Payload (cpu32) (current_events.rules)
2831994 - ETPRO CURRENT_EVENTS Possible Coin Miner Downloader Retrieving Payload (cpu64) (current_events.rules)
2831995 - ETPRO TROJAN Win32/PredatorStealer Sending Data to CnC (trojan.rules)
2831996 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-30 (current_events.rules)
2831997 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Ewind.jg Device Info Exfil (mobile_malware.rules)
2831998 - ETPRO TROJAN Unknown APT VBS/PS/VBA Downloader (trojan.rules)
2831999 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-07-30) (current_events.rules)
2832000 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-07-30 2) (current_events.rules)
2832001 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2832002 - ETPRO TROJAN Aurora Ransomware CnC Checkin (trojan.rules)
2832003 - ETPRO MOBILE_MALWARE Android.Adware.Agent.KX CnC Beacon (mobile_malware.rules)
2832004 - ETPRO TROJAN RootService RCS CnC Activity (trojan.rules)
2832005 - ETPRO TROJAN Win32.Neshta.a Checkin (trojan.rules)
2832006 - ETPRO TROJAN Win32.Occamy.B Checkin (trojan.rules)
2832007 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 1) (trojan.rules)
2832008 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 2) (trojan.rules)
2832009 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 3) (trojan.rules)
2832010 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 4) (trojan.rules)
2832011 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 5) (trojan.rules)
2832012 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 6) (trojan.rules)
2832013 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 7) (trojan.rules)
2832014 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 8) (trojan.rules)
2832015 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 9) (trojan.rules)
2832016 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 10) (trojan.rules)
2832017 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-30 11) (trojan.rules)

[///]     Modified active rules:     [///]

2024108 - ET TROJAN KHRAT DragonOK DNS Lookup (inter-ctrip .com) (trojan.rules)
2025880 - ET CURRENT_EVENTS Volexity - JS Sniffer Data Theft Beacon Detected (current_events.rules)
2827749 - ETPRO TROJAN IDKEY/Ghoul Banker Checkin (trojan.rules)
2827750 - ETPRO TROJAN IDKEY/Ghoul Banker Exfil System Info (trojan.rules)
2830717 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-07 7) (trojan.rules)

Date: Sunday, July 29, 2018 - 22:00