Daily Ruleset Update Summary 2017/03/06

[***] Summary: [***]

4 new Open signatures, 19 new Pro (4 + 15). PHISHING.

Thanks: @damonrouse

[+++]          Added rules:          [+++]

Open:

2024030 - ET WEB_CLIENT SUSPICIOUS Microsoft-Edge protocol in use (Observed in Magnitude EK) (web_client.rules)
2024031 - ET WEB_CLIENT SUSPICIOUS Local file read using read protocol (web_client.rules)
2024032 - ET CURRENT_EVENTS Successful Vanguard Phish Mar 06 2017 (current_events.rules)
2024033 - ET CURRENT_EVENTS Android Fake AV Download Landing Mar 06 2017 (current_events.rules)

Pro:

2825236 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Mar 03 2017 (current_events.rules)
2825237 - ETPRO CURRENT_EVENTS Successful Twitter Verification Phish Mar 03 2017 (current_events.rules)
2825238 - ETPRO MOBILE_MALWARE Android/SMSreg.FR CnC Beacon (mobile_malware.rules)
2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)
2825240 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CI Checkin (mobile_malware.rules)
2825241 - ETPRO MOBILE_MALWARE Monitoring-Tool Android/MobileSpy.C SMS Exfil (mobile_malware.rules)
2825242 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Mar 06 2017 (current_events.rules)
2825243 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Mar 06 2017 (current_events.rules)
2825244 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Mar 06 2017 (current_events.rules)
2825245 - ETPRO POLICY Free Proxy Tool HTTP Request (policy.rules)
2825246 - ETPRO MALWARE Win32/ZvuZona CnC Beacon (malware.rules)
2825247 - ETPRO MOBILE_MALWARE Monitoring-Tool Android/MobileSpy.C Checkin (mobile_malware.rules)
2825248 - ETPRO CURRENT_EVENTS Successful Credential Phish JS RePOST Mar 06 2017 (current_events.rules)
2825249 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Mar 06 2017 (current_events.rules)
2825250 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Mar 06 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2019628 - ET TROJAN AnubisNetworks Sinkhole SSL Cert lolcat - specific IPs (trojan.rules)
2810159 - ETPRO TROJAN Win32/Hyteod Initial CnC Beacon Response (trojan.rules)
2810290 - ETPRO TROJAN NanoCore RAT Keepalive Response 1 (trojan.rules)
2816766 - ETPRO TROJAN NanoCore RAT CnC 7 (trojan.rules)
2825118 - ETPRO CURRENT_EVENTS Possible Apple Phishing Landing Feb 24 2017 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2822326 - ETPRO TROJAN NanoCore RAT CnC 19 (trojan.rules)

[---]         Removed rules:         [---]

2822989 - ETPRO TROJAN Malicious SSL Certificate Detected (Qadars CnC) (trojan.rules)
 

Date: Monday, March 6, 2017 - 00:00