[***]            Summary:            [***]

2 new Open, 36 new Pro (2 + 34). StarDotStar HELO, Win32.ZeroEvil, Various Mobile, Various Phishing.

Thanks: Nathan Fowler

[+++]          Added rules:          [+++]

Open:

2016379 - ET INFO JAR Containing Executable Downloaded (info.rules)
2026463 - ET CURRENT_EVENTS StarDotStar HELO, suspected AUTH LOGIN botnet (current_events.rules)

Pro:

2833006 - ETPRO MOBILE_MALWARE Trojan.Android.SmsSpy.fitsuj CnC Beacon (mobile_malware.rules)
2833007 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.aa CnC Beacon (mobile_malware.rules)
2833008 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Ztorg.ag Checkin (mobile_malware.rules)
2833009 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.aa CnC Beacon 2 (mobile_malware.rules)
2833010 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Galf.A CnC Beacon (mobile_malware.rules)
2833011 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 8 (mobile_malware.rules)
2833012 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 9 (mobile_malware.rules)
2833013 - ETPRO TROJAN Win32.ZeroEvil Checkin (trojan.rules)
2833014 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-09 1) (trojan.rules)
2833015 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-09 2) (trojan.rules)
2833016 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-09 3) (trojan.rules)
2833017 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-09 4) (trojan.rules)
2833018 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-09 5) (trojan.rules)
2833019 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-09 6) (trojan.rules)
2833020 - ETPRO CURRENT_EVENTS Possible Malicious SYLK File Inbound (current_events.rules)
2833021 - ETPRO CURRENT_EVENTS Possible Emotet MalDoc DL 2018-09-26 (set) (current_events.rules)
2833022 - ETPRO CURRENT_EVENTS Possible Emotet MalDoc DL 2018-09-26 (current_events.rules)
2833023 - ETPRO CURRENT_EVENTS Successful Apple Credit Card Information Phish 2018-10-09 (current_events.rules)
2833024 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-10-09 (current_events.rules)
2833025 - ETPRO CURRENT_EVENTS Successful Generic Phish to Wordpress Directory 2018-10-09 (current_events.rules)
2833026 - ETPRO TROJAN DeadlyEagle Backdoor CnC Checkin (trojan.rules)
2833027 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2018-10-09 (current_events.rules)
2833028 - ETPRO POLICY External IP Lookup Domain (woniulock .com) (policy.rules)
2833029 - ETPRO USER_AGENTS Suspicious IP Lookup Domain in UA (woniulock .com) (user_agents.rules)
2833030 - ETPRO TROJAN Win32/Injector.BBYK CnC Checkin (trojan.rules)
2833031 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Keitaro Malvertising Domain) (current_events.rules)
2833032 - ETPRO CURRENT_EVENTS Keitaro Malvertising Redirector Domain in SNI (current_events.rules)
2833033 - ETPRO TROJAN Keitaro Malvertising Redirector Domain in SNI (trojan.rules)
2833034 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (trojan.rules)
2833035 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (trojan.rules)
2833036 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (trojan.rules)
2833037 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (trojan.rules)
2833038 - ETPRO INFO Possibly Obfuscated Payload - CharCode HTTP Inbound in JavaScript (info.rules)
2833039 - ETPRO CURRENT_EVENTS JS/Unk Inbound Obfuscated Malvertising Redirector (current_events.rules)

[///]     Modified active rules:     [///]

2003635 - ET TROJAN Generic Password Stealer User Agent Detected (RookIE) (trojan.rules)
2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2018403 - ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe (trojan.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2809615 - ETPRO TROJAN Critroni Likely Malicious Tor Proxy Cookie (trojan.rules)
2811176 - ETPRO TROJAN Luminosity Link RAT CnC Beacon Outbound (trojan.rules)
2826591 - ETPRO TROJAN APT.Debbocs CnC Beacon (trojan.rules)
2832990 - ETPRO TROJAN Win32/Pterodo.IZ Checkins (trojan.rules)

[---]         Removed rules:         [---]

2016379 - ET CURRENT_EVENTS DRIVEBY Generic - JAR Containing Windows Executable (current_events.rules)
2816660 - ETPRO TROJAN Possible Locky JS Downloading Payload (trojan.rules)
2828122 - ETPRO CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M3 (current_events.rules)
2828123 - ETPRO CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M4 (current_events.rules)

Date: Tuesday, October 9, 2018 - 00:00