Daily Ruleset Update Summary 2017/02/23

[***] Summary: [***]

27 new Pro signatures. Crypton, CMSBrute, PoisonIvy, VARIOUS PHISHING.

Thanks: Kevin Branch.

[+++]          Added rules:          [+++]

2825091 - ETPRO TROJAN W32/KR.HWP.Maldoc.Payload Downloading PE (trojan.rules)
2825092 - ETPRO TROJAN W32/KR.HWP.Maldoc.Payload Checkin (trojan.rules)
2825093 - ETPRO TROJAN Unknown CMSBrute Checkin / Retrieving Targets (trojan.rules)
2825094 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Checkin via FTP (CWD) (mobile_malware.rules)
2825095 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Checkin via FTP 2 (mobile_malware.rules)
2825096 - ETPRO TROJAN Bladabindi/njRAT Variant CnC Checkin (Mr.motaz) (trojan.rules)
2825097 - ETPRO CURRENT_EVENTS Successful Personalized Aliyun Phish Feb 22 2017 (current_events.rules)
2825098 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Feb 22 2017 (current_events.rules)
2825099 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Feb 22 2017 (current_events.rules)
2825100 - ETPRO TROJAN Crypton .onion Proxy Domain (trojan.rules)
2825101 - ETPRO TROJAN PoisonIvy Variant CnC Beacon (trojan.rules)
2825102 - ETPRO CURRENT_EVENTS Successful Cisco Webex Phish Feb 23 2017 (current_events.rules)
2825103 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Feb 23 2017 (current_events.rules)
2825104 - ETPRO CURRENT_EVENTS Successful BNP Paribas (FR) Phish Feb 23 2017 (current_events.rules)
2825105 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish M1 Feb 23 2017 (current_events.rules)
2825106 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish M2 Feb 23 2017 (current_events.rules)
2825107 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Mobile Phish M1 Feb 23 2017 (current_events.rules)
2825108 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Mobile Phish M2 Feb 23 2017 (current_events.rules)
2825109 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Mobile Phish M3 Feb 23 2017 (current_events.rules)
2825110 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Mobile Phish M4 Feb 23 2017 (current_events.rules)
2825111 - ETPRO CURRENT_EVENTS Successful DHL Phish Feb 23 2017 (current_events.rules)
2825112 - ETPRO CURRENT_EVENTS Successful Suncorp Bank (AU) Phish Feb 23 2017 (current_events.rules)
2825113 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M1 Feb 23 2017 (current_events.rules)
2825114 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M2 Feb 23 2017 (current_events.rules)
2825115 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Feb 23 2017 (current_events.rules)
2825116 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Feb 23 2017 (current_events.rules)
2825117 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Feb 23 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2023476 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
2023753 - ET SCAN MS Terminal Server Traffic on Non-standard Port (scan.rules)
 

Date: 
Thursday, February 23, 2017 - 00:00