[***]            Summary:            [***]

1 new Open, 16 new Pro (1 + 16). AndroidOS.MaBank, Win32/Bitrep.B, DCRS/DarkCrystal RAT, Remcos, Win32/Filecoder.Eris.B.

The Proofpoint Emerging Threats Detection team is proud to announce ETPro support for Suricata 5.0 along with additional new features. At 11am EDT, Wednesday, September 25th, please join us for a webinar to discuss where we've been, where we're going, and where we are.

Link: https://proofpoint.zoom.us/j/347998498
Phone: +1 646 558 8656 or +1 669 900 6833 (US Toll)
Meeting ID: 347 998 498
International numbers available: https://zoom.us/u/acddrvsUVN
Or mobile phone one-tap: +16465588656,347998498# or +16699006833,347998498#

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028613 - ET MALWARE BundledInstaller PUA/PUP Downloader (malware.rules)

Pro:

2838512 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.MaBank Checkin (mobile_malware.rules)
2838513 - ETPRO TROJAN Win32/Ke3chang Ke3chang CnC Activity (trojan.rules)
2838514 - ETPRO TROJAN Win32/Bitrep.B CnC Checkin (trojan.rules)
2838515 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-20) (current_events.rules)
2838516 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-20 2) (current_events.rules)
2838517 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-20 3) (current_events.rules)
2838518 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-20 4) (current_events.rules)
2838519 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
2838520 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
2838521 - ETPRO TROJAN Observed DCRS/DarkCrystal RAT CnC Domain (trojan.rules)
2838522 - ETPRO TROJAN Backdoor.Win32/Bdaejec.A CnC Domain in DNS Lookup (trojan.rules)
2838523 - ETPRO TROJAN Win32/Filecoder.Eris.B Domain in DNS Lookup (trojan.rules)
2838524 - ETPRO TROJAN Win32/Ramnit.A CnC Activity (trojan.rules)
2838525 - ETPRO TROJAN Win32/Remcos RAT Checkin 169 (trojan.rules)
2838526 - ETPRO TROJAN Win32/Remcos RAT Checkin 170 (trojan.rules)

[///]     Modified active rules:     [///]

2026489 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.online) (trojan.rules)
2026490 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.club) (trojan.rules)
2026514 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.live) (trojan.rules)
2838214 - ETPRO CURRENT_EVENTS Spelevo EK Landing 2019-08-28 (current_events.rules)
