Daily Ruleset Update Summary 2017/02/27

[***] Summary: [***]

2 new Open signatures, 23 new Pro (2 + 21). RIG EK, Ursnif, Filecoder, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2024020 - ET CURRENT_EVENTS RIG EK URI Struct Feb 26 2017 (current_events.rules)
2024021 - ET CURRENT_EVENTS RIG EK Landing Feb 26 2016 (current_events.rules)

Pro:

2825131 - ETPRO POLICY PUP/MiPony HTTP Request (policy.rules)
2825132 - ETPRO TROJAN Win32/Unknown CnC Checkin (trojan.rules)
2825133 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac Contact Exfil via SMTP (mobile_malware.rules)
2825134 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac Contact Exfil via SMTP 2 (mobile_malware.rules)
2825135 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac SMS Exfil via SMTP 3 (mobile_malware.rules)
2825136 - ETPRO CURRENT_EVENTS Successful BMO Phish Feb 24 2017 (current_events.rules)
2825137 - ETPRO TROJAN VMDetector CnC Beacon (trojan.rules)
2825138 - ETPRO MALWARE AdWare.NSIS.Dotdo.gen CnC Beacon (malware.rules)
2825139 - ETPRO TROJAN Possible Ursnif Tor Module Download M2 (trojan.rules)
2825140 - ETPRO TROJAN Possible Ursnif Tor Module Download M2 (trojan.rules)
2825141 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy Domain (trojan.rules)
2825142 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Dowgin.d CnC Beacon (mobile_malware.rules)
2825143 - ETPRO CURRENT_EVENTS Successful BMO Phish Feb 27 2017 (current_events.rules)
2825144 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish Feb 27 2017 (current_events.rules)
2825145 - ETPRO CURRENT_EVENTS Successful BMO Phish M2 Feb 27 2017 (current_events.rules)
2825146 - ETPRO CURRENT_EVENTS Successful BMO Phish M3 Feb 27 2017 (current_events.rules)
2825147 - ETPRO CURRENT_EVENTS Possible Sparkasse Bank Phishing Landing Feb 27 2017 (current_events.rules)
2825148 - ETPRO CURRENT_EVENTS Successful 163.com Email Account Phish Feb 27 2017 (current_events.rules)
2825149 - ETPRO CURRENT_EVENTS Dropbox Phishing Landing Feb 27 2017 (current_events.rules)
2825150 - ETPRO CURRENT_EVENTS Multi Email Shared Document Phishing Landing Feb 27 2017 (current_events.rules)
2825151 - ETPRO CURRENT_EVENTS Successful Bank of America Phish (set) Feb 27 2016 (current_events.rules)

[///]     Modified active rules:     [///]

2016922 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (trojan.rules)
 

Date: Monday, February 27, 2017 - 00:00