Daily Ruleset Update Summary 2017/02/21

[***] Summary: [***]

1 new Open signature, 31 new Pro (1 + 30). Gootkit, Magnitude EK, JobCrypter, VARIOUS PHISHING.

[+++]          Added rules:          [+++]

Open:

2024005 - ET TROJAN FakeM SSL DNS Lookup (islamhood .net) (trojan.rules)

Pro:

2825033 - ETPRO TROJAN Contopee-related CnC Beacon M1 (trojan.rules)
2825034 - ETPRO TROJAN Contopee-related CnC Beacon M2 (trojan.rules)
2825035 - ETPRO TROJAN Contopee-related CnC Beacon M3 (trojan.rules)
2825036 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 17 2017 (current_events.rules)
2825037 - ETPRO CURRENT_EVENTS Successful BNP Paribas (FR) Phish Feb 17 2017 (current_events.rules)
2825038 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish Feb 17 2017 (current_events.rules)
2825039 - ETPRO CURRENT_EVENTS Successful Credential Phish JS RePOST Feb 17 2017 (current_events.rules)
2825040 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
2825041 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
2825042 - ETPRO TROJAN Malicious JScript SSL Certificate Detected (trojan.rules)
2825043 - ETPRO CURRENT_EVENTS Magnitude EK Landing Feb 21 2017 M1 (current_events.rules)
2825044 - ETPRO CURRENT_EVENTS Magnitude EK Landing Feb 21 2017 M2 (current_events.rules)
2825045 - ETPRO MOBILE_MALWARE Android/SmsSpy.AS CnC Beacon 2 (mobile_malware.rules)
2825046 - ETPRO MOBILE_MALWARE Android.Trojan.Iop.F Checkin (mobile_malware.rules)
2825047 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenAds.BK Checkin (mobile_malware.rules)
2825048 - ETPRO TROJAN FakeM Variant CnC Beacon (trojan.rules)
2825049 - ETPRO CURRENT_EVENTS Successful Commerzbank (DE) Phish Feb 21 2017 (current_events.rules)
2825050 - ETPRO CURRENT_EVENTS Successful Suncorp Bank Phish Feb 21 2017 (current_events.rules)
2825051 - ETPRO CURRENT_EVENTS Successful Diamond Online Bank Phish Feb 21 2017 (current_events.rules)
2825052 - ETPRO CURRENT_EVENTS Successful GMX (DE) Phish Feb 21 2017 (current_events.rules)
2825053 - ETPRO CURRENT_EVENTS Successful Gmail Account Upgrade Phish Feb 21 2017 (current_events.rules)
2825054 - ETPRO CURRENT_EVENTS Dropbox Shared Document Phishing Landing Feb 21 2017 (current_events.rules)
2825055 - ETPRO CURRENT_EVENTS Successful Ebay Phish Feb 21 2017 (current_events.rules)
2825056 - ETPRO CURRENT_EVENTS Successful Netflix (BR) Phish Feb 21 2017 (current_events.rules)
2825057 - ETPRO CURRENT_EVENTS Successful Capital One Phish Feb 21 2017 (current_events.rules)
2825058 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Feb 21 2017 (current_events.rules)
2825059 - ETPRO CURRENT_EVENTS Successful US Bank Phish Feb 21 2017 (current_events.rules)
2825060 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.san SMS Exfil via SMTP 2 (mobile_malware.rules)
2825061 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.san SMS Exfil via SMTP 3 (mobile_malware.rules)
2825062 - ETPRO TROJAN W32/JobCrypter V3.x Reporting Infection via SMTP (trojan.rules)

[///]     Modified active rules:     [///]

2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
2815142 - ETPRO TROJAN Bergard Checkin 1 (trojan.rules)
2816221 - ETPRO TROJAN W32/JobCrypter v1.x Reporting Infection via SMTP (trojan.rules)
2823788 - ETPRO TROJAN DNSChanger Rogue DNS Server (A Lookup) (trojan.rules)

[---]  Disabled and modified rules:  [---]

2023997 - ET INFO Potentially unsafe SMBv1 protocol in use (info.rules)
 

Date: Tuesday, February 21, 2017 - 00:00