Daily Ruleset Update Summary 2017/03/22

[***]            Summary:            [***]

2 new Open signatures, 19 new Pro (2 + 17). Spy.Banker.ACUT, Various Phishing, Various Android

Thanks: @JAMESWT_MHT

[+++]          Added rules:          [+++]

Open:

2024099 - ET TROJAN Win32/Spy.Banker.ACUT CnC Checkin (trojan.rules)
2024100 - ET CURRENT_EVENTS Successful Paypal Phish Mar 22 2017 (current_events.rules)

Pro:

2825552 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Mar 22 2017 (current_events.rules)
2825553 - ETPRO CURRENT_EVENTS Successful Facebook Phish Mar 22 2017 (current_events.rules)
2825554 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish Mar 22 2017 (current_events.rules)
2825555 - ETPRO CURRENT_EVENTS Successful Gmail Phish Mar 22 2017 (current_events.rules)
2825556 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Mar 22 2017 (current_events.rules)
2825557 - ETPRO TROJAN Gozi/Ursnif/Papras Connectivity Check (php.net) (trojan.rules)
2825558 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
2825559 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi ISFB/Dreambot) (trojan.rules)
2825560 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825561 - ETPRO TROJAN Possible Gozi ISFB/Dreambot DGA Domain in SNI (trojan.rules)
2825562 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (ll) (trojan.rules)
2825563 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) (trojan.rules)
2825564 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) (trojan.rules)
2825565 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity Sending Screenshot (CAP) (trojan.rules)
2825566 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (CAP) (trojan.rules)
2825567 - ETPRO TROJAN Possible Panda Banker DGA Lets Encrypt SSL Cert (trojan.rules)
2825568 - ETPRO TROJAN Powershell Downloader Domain in SNI (trojan.rules)

[///]     Modified active rules:     [///]

2018789 - ET POLICY TLS possible TOR SSL traffic (policy.rules)
2024096 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1 (web_specific_apps.rules)
2815245 - ETPRO CURRENT_EVENTS Successful Paypal Phish Dec 8 M1 (current_events.rules)
2821693 - ETPRO TROJAN W32/Ramnit Initial CnC Connection (trojan.rules)
2825353 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)

[---]         Removed rules:         [---]

2012300 - ET TROJAN Win32.Banker.AAD CnC Communication (trojan.rules)
 

Date: Wednesday, March 22, 2017 - 00:00