[***]            Summary:            [***]

14 new Open, 44 new Pro (14 + 30). Ave Maria RAT, DarkHydrus, Various Android, Various Phish.

[+++]          Added rules:          [+++]

Open:

2026805 - ET TROJAN Possible Sharik/Smoke Loader 7zip Connectivity Check (trojan.rules)
2026806 - ET TROJAN Observed Cryptor Ransomware CnC Domain (e3kok4ekzalzapsf .onion .ws in TLS SNI) (trojan.rules)
2026807 - ET TROJAN Observed TrumpHead Ransomware CnC Domain (6bbsjnrzv2uvp7bp .onion .pet in TLS SNI) (trojan.rules)
2026808 - ET POLICY Observed SSL Cert (Tor Proxy Domain (.onion. pet)) (policy.rules)
2026809 - ET POLICY DNS Query to .onion proxy domain (onion .pet) (policy.rules)
2026810 - ET POLICY DNS Query to .onion proxy domain (onion .ws) (policy.rules)
2026811 - ET POLICY Observed SSL Cert (Tor Proxy Domain (.onion. ws)) (policy.rules)
2026812 - ET TROJAN APT DarkHydrus DNS Lookup 25 (trojan.rules)
2026813 - ET TROJAN APT DarkHydrus DNS Lookup 26 (trojan.rules)
2026814 - ET TROJAN APT DarkHydrus DNS Lookup 27 (trojan.rules)
2026815 - ET TROJAN APT DarkHydrus DNS Lookup 28 (trojan.rules)
2026816 - ET TROJAN PS/PowerRatankba CnC DNS Lookup (trojan.rules)
2026817 - ET TROJAN Observed Malicious SSL Cert (POWERRATANKBA CnC) (trojan.rules)
2026818 - ET TROJAN PS/PowerRatankba CnC DNS Lookup (trojan.rules)

Pro:

2834378 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CLN Checkin (mobile_malware.rules)
2834379 - ETPRO MOBILE_MALWARE Android.Trojan.Dropper.SQ CnC Beacon (mobile_malware.rules)
2834380 - ETPRO MOBILE_MALWARE Android.Trojan.Dropper.SQ Device Info Exfil (mobile_malware.rules)
2834381 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.AFY Checkin (mobile_malware.rules)
2834382 - ETPRO MOBILE_MALWARE Android/Kaijing CnC Beacon (mobile_malware.rules)
2834383 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.gDIZS CnC Beacon (mobile_malware.rules)
2834384 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-15 1) (trojan.rules)
2834385 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-15 2) (trojan.rules)
2834386 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-15 3) (trojan.rules)
2834387 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-15 4) (trojan.rules)
2834388 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-15 5) (trojan.rules)
2834389 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-15 6) (trojan.rules)
2834390 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-15 7) (trojan.rules)
2834391 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-15 8) (trojan.rules)
2834392 - ETPRO TROJAN Win32.Dropper.cc.AU3 IP Check (trojan.rules)
2834393 - ETPRO TROJAN Ave Maria RAT Keep-Alive (Outbound) (trojan.rules)
2834394 - ETPRO TROJAN Ave Maria RAT Checkin (trojan.rules)
2834395 - ETPRO TROJAN Ave Maria RAT Keep-Alive (Inbound) (trojan.rules)
2834396 - ETPRO CURRENT_EVENTS Successful Apple iTunes Phish 2019-01-15 (current_events.rules)
2834397 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-01-15 (current_events.rules)
2834398 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-01-15 (current_events.rules)
2834399 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-15 (current_events.rules)
2834400 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-01-15 (current_events.rules)
2834401 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-15 (current_events.rules)
2834402 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-01-15 (current_events.rules)
2834403 - ETPRO CURRENT_EVENTS Successful Salesforce Phish 2019-01-15 (current_events.rules)
2834404 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-01-15 (current_events.rules)
2834405 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-01-15 (current_events.rules)
2834406 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-01-15 (current_events.rules)
2834407 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-01-15 (current_events.rules)

[///]     Modified active rules:     [///]

2025198 - ET TROJAN Bitter RAT HTTP CnC Beacon M2 (trojan.rules)
2026035 - ET WEB_SPECIFIC_APPS Apache Struts memberAccess inbound OGNL injection remote code execution attempt (web_specific_apps.rules)
2828644 - ETPRO TROJAN Zebrocy Requesting Stage 2 Payload (trojan.rules)
2831374 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-06-21 Domain (esscorp .org in TLS SNI) (current_events.rules)
2833339 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CR Checkin (mobile_malware.rules)
2834171 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)

Date: Monday, January 14, 2019 - 22:00