Daily Ruleset Update Summary 2017/03/17

[***] Summary: [***]

2 new Open signatures, 22 new Pro (2 + 20). VARIOUS PHISHING, Hidden Tear, Sage, Cerber.

Thanks: Jeff H, @jonny55555 & Kevin Ross.

[+++]          Added rules:          [+++]

Open:

2024092 - ET CURRENT_EVENTS Evil Redirector Leading to EK March 15 2017 (current_events.rules)
2024093 - ET CURRENT_EVENTS Evil Redirector Leading to EK March 15 2017 M2 (current_events.rules)

Pro:

2825485 - ETPRO CURRENT_EVENTS Microsoft Live Email Account Phishing Landing Mar 16 2017 (current_events.rules)
2825486 - ETPRO CURRENT_EVENTS Successful Google Drive / Dropbox Phish M1 Mar 17 2017 (current_events.rules)
2825487 - ETPRO CURRENT_EVENTS Successful Google Drive / Dropbox Phish M2 Mar 17 2017 (current_events.rules)
2825488 - ETPRO CURRENT_EVENTS Successful Excel Phish Mar 16 2017 (current_events.rules)
2825489 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish Mar 17 2017 (current_events.rules)
2825490 - ETPRO CURRENT_EVENTS Surveybrother Webmail Upgrade Phishing Landing Mar 17 2017 (current_events.rules)
2825491 - ETPRO CURRENT_EVENTS My Verizon Phishing Landing Mar 17 2017 (current_events.rules)
2825492 - ETPRO CURRENT_EVENTS Successful Verizon Phish Mar 17 2017 (current_events.rules)
2825493 - ETPRO CURRENT_EVENTS Successful Match.com Mobile Phish Mar 17 2017 (current_events.rules)
2825494 - ETPRO TROJAN Hidden Tear .onion Proxy Domain (trojan.rules)
2825495 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-17 1) (trojan.rules)
2825496 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-17 2) (trojan.rules)
2825497 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-17 3) (trojan.rules)
2825498 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-17 4) (trojan.rules)
2825499 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-17 5) (trojan.rules)
2825500 - ETPRO TROJAN DNS Query to Sage Domain (jktew0 . com) (trojan.rules)
2825501 - ETPRO TROJAN DNS Query to Sage Domain (jpo2z1 . net) (trojan.rules)
2825502 - ETPRO TROJAN DNS Query to Cerber Domain (16bwhs . top) (trojan.rules)
2825503 - ETPRO TROJAN DNS Query to Cerber Domain (1ajohk . top) (trojan.rules)
2825504 - ETPRO TROJAN DNS Query to Cerber Domain (1apkjn . top) (trojan.rules)

[///]     Modified active rules:     [///]

2022566 - ET CURRENT_EVENTS Possible Malicious Macro EXE DL AlphaNumL (current_events.rules)
2023638 - ET CURRENT_EVENTS Common Phishing Redirect Dec 13 2016 (current_events.rules)
2024035 - ET TROJAN WS/JS Downloader Mar 07 2017 M1 (trojan.rules)
2024036 - ET TROJAN WS/JS Downloader Mar 07 2017 M2 (trojan.rules)
2024056 - ET TROJAN Win32/CryptFile2 / Revenge Ransomware Checkin M3 (trojan.rules)
2821163 - ETPRO CURRENT_EVENTS Successful Docusign/O365 Phish Jul 15 (current_events.rules)

[---]         Removed rules:         [---]

2822403 - ETPRO CURRENT_EVENTS Successful Yadkin Bank Phish Oct 04 2016 (current_events.rules)
 

Date: Friday, March 17, 2017 - 00:00