Daily Ruleset Update Summary 2018/09/06

[***]            Summary:            [***]

2 new Open, 15 new Pro (2 + 13). Win32/Aura Ransomware, MR.Dropper.KR TLS SNI, N0F1L3/Eredel Stealer Variant.

[+++]          Added rules:          [+++]

Open:

2026099 - ET TROJAN Win32/Aura Ransomware CnC Activity (trojan.rules)
2026100 - ET USER_AGENTS Aura Ransomware User-Agent (user_agents.rules)

Pro:

2832467 - ETPRO INFO HTTP Request for Single Char PS1 (info.rules)
2832468 - ETPRO TROJAN MR.Dropper.KR Domain in TLS SNI (trojan.rules)
2832469 - ETPRO TROJAN MR.Dropper.KR Domain in TLS SNI (trojan.rules)
2832470 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Payload Inbound 2018-09-06) (trojan.rules)
2832471 - ETPRO TROJAN Ursnif Variant CnC Beacon 9 M1 (trojan.rules)
2832472 - ETPRO TROJAN Ursnif Variant CnC Beacon 9 M2 (trojan.rules)
2832473 - ETPRO CURRENT_EVENTS GreenFlash Sundown EK Landing Sep 2018 M2 (current_events.rules)
2832474 - ETPRO TROJAN N0F1L3/Eredel Stealer Variant CnC Checkin (trojan.rules)
2832475 - ETPRO CURRENT_EVENTS Magnigate/Magnitude EK Landing M1 2018-09-27 (current_events.rules)
2832476 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-06 1) (trojan.rules)
2832477 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-06 2) (trojan.rules)
2832478 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-06 3) (trojan.rules)
2832479 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-06 4) (trojan.rules)

[///]     Modified active rules:     [///]

2025982 - ET TROJAN MSIL/Eredel Stealer CnC Checkin (trojan.rules)
2832333 - ETPRO TROJAN Suspicious Terse HTTP Headers IP Check (trojan.rules)
2832438 - ETPRO TROJAN Win32/DanaBot CnC Checkin (trojan.rules)

Date: 
Thursday, September 6, 2018 - 00:00