[***]            Summary:            [***]

4 new Open, 41 new Pro (4 + 37). BlackCarat, Gootkit, Win32/Spy.Casbaneiro, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026518 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-10-18 (current_events.rules)
2026519 - ET USER_AGENTS Suspicious User-Agent (Windows XP) (user_agents.rules)
2026520 - ET USER_AGENTS Suspicious User-Agent (Windows 8) (user_agents.rules)
2026521 - ET USER_AGENTS Suspicious User-Agent (Windows 10) (user_agents.rules)
2026522 - ET USER_AGENTS Suspicious User-Agent (Windows 7) (user_agents.rules)
2026523 - ET TROJAN ELF/Chacha.DDoS/Xor.DDoS Stage 2 CnC Checkin (trojan.rules)
2026524 - ET TROJAN Win32/BlackCarat Response from CnC (trojan.rules)
2026525 - ET TROJAN Win32/BlackCarat XORed (0x77) CnC Checkin (trojan.rules)

Pro:

2833172 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Media Upload (mobile_malware.rules)
2833173 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C CnC Beacon (mobile_malware.rules)
2833174 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Device Info Exfil (mobile_malware.rules)
2833175 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Call Log Exfil (mobile_malware.rules)
2833176 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Contact Exfil (mobile_malware.rules)
2833177 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C App Info Exfil (mobile_malware.rules)
2833178 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Small.cm Checkin (mobile_malware.rules)
2833179 - ETPRO TROJAN Gootkit C2 Domain (ultrasteroid .com in DNS Lookup) (trojan.rules)
2833180 - ETPRO TROJAN Gootkit C2 Domain (ultrasteroid .com in TLS SNI) (trojan.rules)
2833181 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-18 1) (trojan.rules)
2833182 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-18 2) (trojan.rules)
2833183 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-18 3) (trojan.rules)
2833184 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-18 4) (trojan.rules)
2833185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-18 5) (trojan.rules)
2833186 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda Banker CnC) (trojan.rules)
2833187 - ETPRO TROJAN Win32/Spy.Casbaneiro CnC Checkin (trojan.rules)
2833188 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-10-18 (current_events.rules)
2833189 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-18) (current_events.rules)
2833190 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-18 2) (current_events.rules)
2833191 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-18 3) (current_events.rules)
2833192 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-18 4) (current_events.rules)
2833193 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2018-10-18 (current_events.rules)
2833194 - ETPRO CURRENT_EVENTS Successful Credit Credit Card Information Phish 2018-10-18 (current_events.rules)
2833195 - ETPRO CURRENT_EVENTS Successful Google Account Phish 2018-10-18 (current_events.rules)
2833196 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-10-18 (current_events.rules)
2833197 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-10-18 (current_events.rules)
2833198 - ETPRO TROJAN MSIL/Agent.BKU CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2026486 - ET POLICY DNS Lookup for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2026487 - ET POLICY Request for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2828489 - ETPRO TROJAN FlawedGrace CnC Activity (trojan.rules)

Date: Wednesday, October 17, 2018 - 22:00