Daily Ruleset Update Summary 2018/09/21

[***]            Summary:            [***]

23 new Open, 53 new Pro (23 + 30). APT-C-23 C2 Domains, JS/Soakinj, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026216 - ET POLICY External IP Lookup Domain (up .jkc8 .com) (policy.rules)
2026339 - ET MOBILE_MALWARE Android APT-C-23 (fasebookvideo .com in DNS Lookup) (mobile_malware.rules)
2026340 - ET MOBILE_MALWARE Android APT-C-23 (fasebookvideo .com in TLS SNI) (mobile_malware.rules)
2026341 - ET MOBILE_MALWARE Android APT-C-23 (leonard-kim .website in DNS Lookup) (mobile_malware.rules)
2026342 - ET MOBILE_MALWARE Android APT-C-23 (leonard-kim .website in TLS SNI) (mobile_malware.rules)
2026343 - ET MOBILE_MALWARE Android APT-C-23 (new .filetea .me in DNS Lookup) (mobile_malware.rules)
2026344 - ET MOBILE_MALWARE Android APT-C-23 (new .filetea .me in TLS SNI) (mobile_malware.rules)
2026345 - ET MOBILE_MALWARE Android APT-C-23 (bitgames .world in DNS Lookup) (mobile_malware.rules)
2026346 - ET MOBILE_MALWARE Android APT-C-23 (bitgames .world in TLS SNI) (mobile_malware.rules)
2026347 - ET MOBILE_MALWARE Android APT-C-23 (fatehmedia .site in DNS Lookup) (mobile_malware.rules)
2026348 - ET MOBILE_MALWARE Android APT-C-23 (fatehmedia .site in TLS SNI) (mobile_malware.rules)
2026349 - ET MOBILE_MALWARE Android APT-C-23 (leslie-barnes .website in DNS Lookup) (mobile_malware.rules)
2026350 - ET MOBILE_MALWARE Android APT-C-23 (leslie-barnes .website in TLS SNI) (mobile_malware.rules)
2026351 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .fun in DNS Lookup) (mobile_malware.rules)
2026352 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .fun in TLS SNI) (mobile_malware.rules)
2026353 - ET MOBILE_MALWARE Android APT-C-23 (black-honey .club in DNS Lookup) (mobile_malware.rules)
2026354 - ET MOBILE_MALWARE Android APT-C-23 (black-honey .club in TLS SNI) (mobile_malware.rules)
2026355 - ET MOBILE_MALWARE Android APT-C-23 (firesky .site in DNS Lookup) (mobile_malware.rules)
2026356 - ET MOBILE_MALWARE Android APT-C-23 (firesky .site in TLS SNI) (mobile_malware.rules)
2026357 - ET MOBILE_MALWARE Android APT-C-23 (lets-see .site in DNS Lookup) (mobile_malware.rules)
2026358 - ET MOBILE_MALWARE Android APT-C-23 (lets-see .site in TLS SNI) (mobile_malware.rules)
2026359 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .live in DNS Lookup) (mobile_malware.rules)
2026360 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-09-21 (current_events.rules)

Pro:

2832595 - ETPRO POLICY External IP Lookup Domain (apps .game .qq .com) (policy.rules)
2832637 - ETPRO POLICY External IP Lookup Domain (ww2 .58qn .com) (policy.rules)
2832708 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 416 (mobile_malware.rules)
2832709 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 417 (mobile_malware.rules)
2832710 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 418 (mobile_malware.rules)
2832711 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 419 (mobile_malware.rules)
2832712 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 420 (mobile_malware.rules)
2832713 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 421 (mobile_malware.rules)
2832714 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 422 (mobile_malware.rules)
2832715 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 423 (mobile_malware.rules)
2832716 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 424 (mobile_malware.rules)
2832717 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 425 (mobile_malware.rules)
2832718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-21 1) (trojan.rules)
2832719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-21 2) (trojan.rules)
2832720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-21 3) (trojan.rules)
2832721 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-21 4) (trojan.rules)
2832722 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-21 5) (trojan.rules)
2832724 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2018-09-21 (current_events.rules)
2832725 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-09-21 (current_events.rules)
2832726 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-09-21 M2 (current_events.rules)
2832727 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-09-21 (current_events.rules)
2832728 - ETPRO CURRENT_EVENTS Successful Generic Webmail-Mini Phish 2018-09-21 (current_events.rules)
2832729 - ETPRO CURRENT_EVENTS Successful Microsoft Office Shared Document Phish 2018-09-21 (current_events.rules)
2832730 - ETPRO CURRENT_EVENTS Successful Onedrive Cloud Document Sharing Phish 2018-09-21 (current_events.rules)
2832731 - ETPRO CURRENT_EVENTS Successful Assurance_Maladie Phish 2018-09-21 M1 (current_events.rules)
2832732 - ETPRO CURRENT_EVENTS Successful Assurance_Maladie Phish 2018-09-21 M2 (current_events.rules)
2832733 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-09-21 (current_events.rules)
2832734 - ETPRO CURRENT_EVENTS JS/Soakinj Redirect Structure (current_events.rules)
2832735 - ETPRO POLICY External IP Lookup Domain (devpay .cn .sy .longu .xyz) (policy.rules)
2832736 - ETPRO MOBILE_MALWARE Android/Ceshi.Stealer CnC Checkin (mobile_malware.rules)

[///]     Modified active rules:     [///]

2024758 - ET TROJAN Win32/Scarsi Variant CnC Activity (trojan.rules)
2822391 - ETPRO TROJAN Possible Ursnif VNC Module CnC Beacon (trojan.rules)
2825163 - ETPRO CURRENT_EVENTS Successful Generic Phish (Redirect to Download PDF) Feb 28 2017 (current_events.rules)
2832692 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2018-09-19 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2821856 - ETPRO TROJAN Win32/Fantom Ransomware Checkin (trojan.rules)

[---]         Removed rules:         [---]

2026216 - ET INFO External IP Lookup Domain (up .jkc8 .com) (info.rules)
2832595 - ETPRO INFO External IP Lookup Domain (apps .game .qq .com) (info.rules)
2832637 - ETPRO INFO External IP Lookup Domain (ww2 .58qn .com) (info.rules)

Date: Friday, September 21, 2018 - 00:00