Daily Ruleset Update Summary 2018/09/24

[***]            Summary:            [***]

2 new Open, 54 new Pro (2 + 52). MS_D0wnl0ad3r, MSIL.Xpctra RAT, MSIL/AcouKitty, Various Phishing, Various Mobile.

Thanks: @James_inthe_box

[+++]          Added rules:          [+++]

Open:

2026361 - ET TROJAN MS_D0wnl0ad3r Screenshot Upload (trojan.rules)
2026362 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-09-24 (current_events.rules)

Pro:

2832737 - ETPRO MOBILE_MALWARE Android/FakeDefender.B Checkin (mobile_malware.rules)
2832738 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 426 (mobile_malware.rules)
2832739 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 9 (mobile_malware.rules)
2832740 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 10 (mobile_malware.rules)
2832741 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 427 (mobile_malware.rules)
2832742 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 428 (mobile_malware.rules)
2832743 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 429 (mobile_malware.rules)
2832744 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 430 (mobile_malware.rules)
2832745 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 431 (mobile_malware.rules)
2832746 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 432 (mobile_malware.rules)
2832747 - ETPRO TROJAN MSIL.Xpctra RAT Checkin (trojan.rules)
2832748 - ETPRO TROJAN MSIL.Xpctra RAT UA (trojan.rules)
2832749 - ETPRO TROJAN Viro C2 Domain in DNS Lookup (trojan.rules)
2832750 - ETPRO TROJAN Viro C2 Domain in TLS SNI (trojan.rules)
2832751 - ETPRO TROJAN Viro C2 Domain in DNS Lookup (trojan.rules)
2832752 - ETPRO TROJAN Viro C2 Domain in TLS SNI (trojan.rules)
2832753 - ETPRO TROJAN KPOT Stealer Exfiltration M2 (trojan.rules)
2832754 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-24 1) (trojan.rules)
2832755 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-24 2) (trojan.rules)
2832756 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-24 3) (trojan.rules)
2832757 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-24 4) (trojan.rules)
2832758 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-24 5) (trojan.rules)
2832759 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload 2018-09-24 (current_events.rules)
2832760 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-09-24) (current_events.rules)
2832761 - ETPRO TROJAN MSIL/AcouKitty Stealer CnC Checkin 1 (trojan.rules)
2832762 - ETPRO TROJAN MSIL/AcouKitty Stealer CnC Checkin 2 (trojan.rules)
2832763 - ETPRO TROJAN MSIL/AcouKitty Stealer CnC Checkin 3 (trojan.rules)
2832764 - ETPRO TROJAN MSIL/AcouKitty Stealer Keep-Alive (trojan.rules)
2832765 - ETPRO CURRENT_EVENTS Successful CenturyLink Phish 2018-09-24 (current_events.rules)
2832766 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-09-24 (current_events.rules)
2832767 - ETPRO CURRENT_EVENTS Successful NAB Phish 2018-09-24 (current_events.rules)
2832768 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-09-24 (current_events.rules)
2832769 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-09-24 (current_events.rules)
2832770 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2018-09-24 (current_events.rules)
2832771 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2018-09-24 (current_events.rules)
2832772 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-09-24 (current_events.rules)
2832773 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-09-24 (current_events.rules)
2832774 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Staging Domain) (current_events.rules)
2832775 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Staging Domain) (current_events.rules)
2832776 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Staging Domain) (current_events.rules)
2832777 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Staging Domain) (trojan.rules)
2832778 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Staging Domain) (current_events.rules)
2832779 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Staging Domain) (current_events.rules)
2832780 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Staging Domain) (current_events.rules)
2832781 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Staging Domain) (current_events.rules)
2832782 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Staging Domain) (current_events.rules)
2832783 - ETPRO TROJAN Win32/DanaBot CnC Checkin (affid 8) (trojan.rules)
2832784 - ETPRO TROJAN Win32/DanaBot CnC Checkin (affid 1) (trojan.rules)
2832785 - ETPRO TROJAN Win32/DanaBot CnC Checkin (affid 2) (trojan.rules)
2832786 - ETPRO TROJAN Win32/DanaBot CnC Checkin (affid 5) (trojan.rules)
2832787 - ETPRO TROJAN Win32/DanaBot CnC Checkin (affid 6) (trojan.rules)
2832788 - ETPRO TROJAN Win32/DanaBot CnC Checkin (affid 7) (trojan.rules)

[///]     Modified active rules:     [///]

2025638 - ET TROJAN [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity (trojan.rules)
2026216 - ET POLICY External IP Lookup Domain (up .jkc8 .com) (policy.rules)
2822391 - ETPRO TROJAN Possible Ursnif VNC Module CnC Beacon (trojan.rules)
2832595 - ETPRO POLICY External IP Lookup Domain (apps .game .qq .com) (policy.rules)
2832637 - ETPRO POLICY External IP Lookup Domain (ww2 .58qn .com) (policy.rules)

Date: Monday, September 24, 2018 - 00:00