Daily Ruleset Update Summary 2018/09/18

[***]            Summary:            [***]

1 new Open, 23 new Pro (1 + 22). Win32/ICLoader UA, Win32/ShamSalt, Win32/Phorpiex, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026114 - ET MALWARE Luxsoft Win32/ICLoader User-Agent (malware.rules)

Pro:

2832652 - ETPRO TROJAN Win32/ShamSalt CnC Beacon (trojan.rules)
2832653 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-18 1) (trojan.rules)
2832654 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-18 2) (trojan.rules)
2832655 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-18 3) (trojan.rules)
2832656 - ETPRO CURRENT_EVENTS Fallout EK Landing 2018-08-30 M3 (current_events.rules)
2832657 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-09-18) (current_events.rules)
2832658 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-09-18 (current_events.rules)
2832659 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2018-09-18 (current_events.rules)
2832660 - ETPRO CURRENT_EVENTS Successful BT Phish 2018-09-18 (current_events.rules)
2832661 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-09-18 (current_events.rules)
2832662 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-09-18 (current_events.rules)
2832663 - ETPRO CURRENT_EVENTS Successful Capital One Phish 2018-09-18 (current_events.rules)
2832664 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-09-18 (current_events.rules)
2832665 - ETPRO TROJAN Unknown RektBot Check-In (trojan.rules)
2832666 - ETPRO TROJAN Win32/Phorpiex VNC Module Sending PowerShell Downloader M1 - OUTBOUND (trojan.rules)
2832667 - ETPRO TROJAN Win32/Phorpiex PowerShell Downloader Received from VNC Module M1 - INBOUND (trojan.rules)
2832668 - ETPRO TROJAN Win32/Phorpiex VNC Module Sending PowerShell Downloader M2 - OUTBOUND (trojan.rules)
2832669 - ETPRO TROJAN Win32/Phorpiex PowerShell Downloader Received from VNC Module M2 - INBOUND (trojan.rules)
2832670 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832671 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 414 (mobile_malware.rules)
2832672 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 415 (mobile_malware.rules)
2832673 - ETPRO TROJAN MSIL/Acrux Miner Stealer User-Agent (trojan.rules)

[///]     Modified active rules:     [///]

2025330 - ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) (policy.rules)
2829826 - ETPRO TROJAN W32/Kutaki Checkin (trojan.rules)
2831164 - ETPRO TROJAN Observed Malicious SSL Cert (Meterpreter) (trojan.rules)
2832050 - ETPRO TROJAN Observed Malicious SSL Cert (JS/BrushaLoader CnC Domain) (trojan.rules)
2832293 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Adware.Zdengo.BCX CnC Domain) (malware.rules)
2832417 - ETPRO TROJAN Win32/Engr Wiz CnC Activity 1 (trojan.rules)
2832419 - ETPRO TROJAN Win32/Engr Wiz CnC Activity 2 (trojan.rules)
2832428 - ETPRO CURRENT_EVENTS Invoke Obfuscated PowerShell Inbound 2018-09-03 (current_events.rules)
2832435 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC Domain) (malware.rules)
2832515 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832516 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832600 - ETPRO TROJAN STOP/SAVEFiles Ransomware CnC Checkin (trojan.rules)
2832601 - ETPRO TROJAN STOP/SAVEFiles Ransomware Response from CnC (trojan.rules)
2832606 - ETPRO TROJAN Parasite/Spytector PWS FTP Exfil (trojan.rules)
2832637 - ETPRO INFO External IP Lookup Domain (ww2 .58qn .com) (info.rules)

Date: Tuesday, September 18, 2018 - 00:00