Daily Ruleset Update Summary 2018/09/25

[***]            Summary:            [***]

1 new Open, 10 new Pro (1 + 9). MS_D0wnl0ad3r, Win32/ZeroEvil, Ursnif.

[+++]          Added rules:          [+++]

Open:

2026363 - ET TROJAN MS_D0wnl0ad3r Checkin (trojan.rules)

Pro:

2832789 - ETPRO CURRENT_EVENTS Ursnif Loader Activity 2018-09-25 (current_events.rules)
2832790 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-25 1) (trojan.rules)
2832791 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-25 2) (trojan.rules)
2832792 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-25 3) (trojan.rules)
2832793 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-25 4) (trojan.rules)
2832794 - ETPRO TROJAN Observed Malicious SSL Cert (N40 CnC) (trojan.rules)
2832795 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-09-25) (current_events.rules)
2832796 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-09-25 2) (current_events.rules)
2832797 - ETPRO TROJAN Win32/ZeroEvil Stealer Sending Process Information to CnC (trojan.rules)

[///]     Modified active rules:     [///]

2025638 - ET TROJAN [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity (trojan.rules)
2026336 - ET WEB_SERVER JSP.SJavaWebManage WebShell Access (web_server.rules)
2026337 - ET WEB_SERVER JSP.SJavaWebManage WebShell Pass 20-09-2018 1 (web_server.rules)
2026338 - ET WEB_SERVER JSP.SJavaWebManage WebShell Pass 20-09-2018 2 (web_server.rules)
2825562 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (ll) (trojan.rules)
2825563 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) (trojan.rules)
2832333 - ETPRO TROJAN Suspicious Terse HTTP Headers IP Check (trojan.rules)
2832621 - ETPRO TROJAN Win32/ZeroEvil Stealer Sending Screenshot to CnC (trojan.rules)
2832704 - ETPRO TROJAN Win32/ZeroEvil Stealer CnC Checkin (trojan.rules)

Date: Tuesday, September 25, 2018 - 00:00