Daily Ruleset Update Summary 2018/11/05

[***]            Summary:            [***]

8 new Open, 27 new Pro (8 + 19). MSIL.BackNet, APT33, Quasar RAT, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026572 - ET TROJAN MSIL.BackNet Checkin (trojan.rules)
2026573 - ET TROJAN APT33/CharmingKitten DDNS Overlap Domain in DNS Lookup (trojan.rules)
2026574 - ET TROJAN APT33/CharmingKitten DDNS Overlap Domain in DNS Lookup (trojan.rules)
2026575 - ET TROJAN APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin (trojan.rules)
2026576 - ET TROJAN APT33/CharmingKitten Shellcode Communicating with CnC (trojan.rules)
2026577 - ET TROJAN APT33/CharmingKitten Retrieving New Payload (flowbit set) (trojan.rules)
2026578 - ET TROJAN APT33/CharmingKitten Encrypted Payload Inbound (trojan.rules)
2026579 - ET TROJAN Perl/Shellbot.SM IRC CnC Checkin (trojan.rules)

Pro:

2833439 - ETPRO MOBILE_MALWARE Android.Monitor.MobileSpy.J Checkin (mobile_malware.rules)
2833440 - ETPRO MOBILE_MALWARE AndroidOS/FakeApp.C Checkin (mobile_malware.rules)
2833441 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL Checkin (mobile_malware.rules)
2833442 - ETPRO TROJAN W32.Fakeoff Checkin (trojan.rules)
2833443 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-05 1) (trojan.rules)
2833444 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-05 2) (trojan.rules)
2833445 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-05 3) (trojan.rules)
2833446 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-05 4) (trojan.rules)
2833447 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-05 5) (trojan.rules)
2833448 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-05 6) (trojan.rules)
2833449 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-05 7) (trojan.rules)
2833450 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-05 8) (trojan.rules)
2833451 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-05 9) (trojan.rules)
2833452 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-05 10) (trojan.rules)
2833453 - ETPRO CURRENT_EVENTS Obfuscated PowerShell Downloader Inbound 2018-11-04 (current_events.rules)
2833454 - ETPRO CURRENT_EVENTS Obfuscated SecureString PowerShell Inbound 2018-11-04 (current_events.rules)
2833455 - ETPRO POLICY External IP Lookup Domain (rokey .xyz) (policy.rules)
2833456 - ETPRO TROJAN Quasar RAT CnC Domain Observed in SNI (browserloot .rokey .xyz) (trojan.rules)
2833457 - ETPRO CURRENT_EVENTS PowerShell with Base64 Encoded Payload Inbound 2018-11-05 (current_events.rules)

[///]     Modified active rules:     [///]

2025918 - ET TROJAN Observed Malicious SSL Cert (MICROPSIA CnC Domain) (trojan.rules)
2026538 - ET TROJAN Possible APT29 CozyBear/SeaDaddy SSL/TLS Certificate Observed (trojan.rules)
2801378 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal CIFS (netbios.rules)

[---]         Removed rules:         [---]

2828199 - ETPRO TROJAN Possible Apple Phishing SNI (trojan.rules)
2833422 - ETPRO TROJAN MSIL.BackNet Checkin (trojan.rules)

Date: Monday, November 5, 2018 - 00:00