Daily Ruleset Update Summary 2017/02/24

[***] Summary: [***]

13 new Open signatures, 23 new Pro (11 + 10). (?:Matrix|Cerber) Ransomware, Various Phishing.

Thanks: @illegalFawn and @rmkml.

[+++]          Added rules:          [+++]

Open:

2024007 - ET CURRENT_EVENTS Suspicious JS Refresh - Possible Phishing Redirect Feb 24 2017 (current_events.rules)
2024008 - ET CURRENT_EVENTS Possible Phishing Redirect Feb 24 2017 (current_events.rules)
2024009 - ET CURRENT_EVENTS Successful Craigslist (RO) Phish M1 Feb 24 2017 (current_events.rules)
2024010 - ET CURRENT_EVENTS Successful Craigslist (RO) Phish M2 Feb 24 2017 (current_events.rules)
2024011 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish M1 Feb 24 2017 (current_events.rules)
2024012 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish M2 Feb 24 2017 (current_events.rules)
2024013 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish M3 Feb 24 2017 (current_events.rules)
2024014 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish M4 Feb 24 2017 (current_events.rules)
2024015 - ET CURRENT_EVENTS Successful Orderlink (IN) Phish Feb 24 2017 (current_events.rules)
2024016 - ET CURRENT_EVENTS Paypal Phishing Redirect M1 Feb 24 2017 (current_events.rules)
2024017 - ET CURRENT_EVENTS Paypal Phishing Redirect M2 Feb 24 2017 (current_events.rules)
2024018 - ET CURRENT_EVENTS Common Paypal Phishing URI Feb 24 2017 (current_events.rules)
2024019 - ET CURRENT_EVENTS Paypal Phishing Landing Feb 24 2017 (current_events.rules)

Pro:

2825118 - ETPRO CURRENT_EVENTS Possible Apple Phishing Landing Feb 24 2017 (current_events.rules)
2825119 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 24 2017 (current_events.rules)
2825120 - ETPRO POLICY DNS Query to .onion proxy Domain (onion. casa) (policy.rules)
2825121 - ETPRO TROJAN Malicious JScript SSL Certificate Detected (trojan.rules)
2825122 - ETPRO CURRENT_EVENTS Possible Successful Apple Phish Feb 24 2017 (current_events.rules)
2825123 - ETPRO CURRENT_EVENTS Suspicious Cookie Observed in Apple Phishing Feb 24 2017 (current_events.rules)
2825125 - ETPRO TROJAN MSIL/Matrix Ransomware CnC Activity (trojan.rules)
2825126 - ETPRO TROJAN Banker.Win32.ChePro.myry CnC Beacon (trojan.rules)
2825127 - ETPRO TROJAN Ransomware/Cerber Onion Domain Lookup (trojan.rules)
2825128 - ETPRO POLICY SSL Cert Free File Hosting Site (spring-files . com) (policy.rules)

[///]     Modified active rules:     [///]

2814079 - ETPRO TROJAN Corebot Checkin 2 (trojan.rules)
2825027 - ETPRO CURRENT_EVENTS Possible SunDown EK Landing URI Struct T2 Feb 17 2017 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2816898 - ETPRO TROJAN Maldoc Downloader SSL Cert Apr 04 (trojan.rules)
 

Date: 
Friday, February 24, 2017 - 00:00