[***]            Summary:            [***]

2 new Open, 28 new Pro (2 + 26). Raccoon Stealer, Eyooun, Kardon Stealer, Various Mobile, Various Phishing

[+++]          Added rules:          [+++]

Open:

2027357 - ET EXPLOIT Linksys Smart WiFi Information Disclosure Attempt Inbound (exploit.rules)
2027358 - ET EXPLOIT CyberArk Enterprise Password Vault XXE Injection Attempt (exploit.rules)

Pro:

2836333 - ETPRO MOBILE_MALWARE Android-Trojan/Hidap.d6f5b CnC Beacon (mobile_malware.rules)
2836334 - ETPRO MOBILE_MALWARE Android.Adware.GingerMaster.DK CnC Beacon (mobile_malware.rules)
2836335 - ETPRO MOBILE_MALWARE Android/Triada Checkin (mobile_malware.rules)
2836336 - ETPRO MOBILE_MALWARE Android.Monitor.SpyApp.D Checkin 3 (mobile_malware.rules)
2836337 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 466 (mobile_malware.rules)
2836338 - ETPRO TROJAN Win32/Spy.Mekotio.BQ Checkin (trojan.rules)
2836339 - ETPRO TROJAN MSIL.CursedSheep Stealer Checkin (trojan.rules)
2836340 - ETPRO TROJAN MSIL.CursedSheep Stealer Checkin Response (trojan.rules)
2836341 - ETPRO TROJAN Win32/HeadShot.BR Stealer Checkin (trojan.rules)
2836342 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-16 1) (trojan.rules)
2836343 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-16 2) (trojan.rules)
2836344 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-16 3) (trojan.rules)
2836345 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-16 4) (trojan.rules)
2836346 - ETPRO TROJAN Kardon Stealer CnC Checkin (trojan.rules)
2836347 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2836348 - ETPRO CURRENT_EVENTS Likely Evil Certutil Retrieving VBS (current_events.rules)
2836349 - ETPRO USER_AGENTS Observed UA (DolphinQ) (user_agents.rules)
2836350 - ETPRO TROJAN Base64 Encoded Batch File Inbound via Certificate Format M1 (trojan.rules)
2836351 - ETPRO TROJAN Base64 Encoded Batch File Inbound via Certificate Format M2 (trojan.rules)
2836352 - ETPRO TROJAN Win32.Eyooun Activity UDP M1 (trojan.rules)
2836353 - ETPRO TROJAN Win32.Eyooun Activity TCP M1 (trojan.rules)
2836354 - ETPRO TROJAN Win32.Eyooun Activity UDP M2 (trojan.rules)
2836355 - ETPRO TROJAN Win32.Eyooun Activity TCP M2 (trojan.rules)
2836356 - ETPRO TROJAN Win32.Raccoon Stealer Checkin M2 (trojan.rules)
2836357 - ETPRO TROJAN Win32.Raccoon Stealer Checkin Response (trojan.rules)
2836358 - ETPRO TROJAN Win32.Raccoon Stealer Checkin Error Response (trojan.rules)

[///]     Modified active rules:     [///]

2830425 - ETPRO CURRENT_EVENTS Likely Evil Certutil Retrieving EXE (current_events.rules)
2833775 - ETPRO TROJAN Base64 Encoded EXE/CAB Inbound via CertUtil Request M2 (trojan.rules)

[---]         Disabled rules:        [---]

2024299 - ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 2 (trojan.rules)
2024301 - ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 4 (trojan.rules)
2024302 - ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 5 (trojan.rules)

Date: Wednesday, May 15, 2019 - 22:00