Daily Ruleset Update Summary 2017/04/07

[***]            Summary:            [***]

9 new Open, 15 new Pro (9 + 6). CrypMIC, Various Phishing

[+++]          Added rules:          [+++]

Open:

2024183 - ET TROJAN Possible Turla Carbon Paper CnC Beacon (Fake User-Agent) (trojan.rules)
2024184 - ET CURRENT_EVENTS Successful HM Revenue & Customs Phish M1 Apr 07 2017 (current_events.rules)
2024185 - ET CURRENT_EVENTS Successful HM Revenue & Customs Phish M2 Apr 07 2017 (current_events.rules)
2024186 - ET CURRENT_EVENTS Successful Santander Phish M1 Apr 07 2017 (current_events.rules)
2024187 - ET CURRENT_EVENTS Successful Santander Phish M2 Apr 07 2017 (current_events.rules)
2024188 - ET CURRENT_EVENTS Successful Santander Phish M3 Apr 07 2017 (current_events.rules)
2024189 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024190 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2024191 - ET EXPLOIT TP-Link Archer C2 and Archer C20i Remote Code Execution (exploit.rules)

Pro:

2825825 - ETPRO CURRENT_EVENTS Successful Generic Phish - JS History.Go Redirect Apr 07 2017 (current_events.rules)
2825826 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (trojan.rules)
2825827 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-07 1) (trojan.rules)
2825828 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-07 2) (trojan.rules)
2825829 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-07 3) (trojan.rules)
2825830 - ETPRO TROJAN DNS Query to Cerber Domain (1a7wnt . top) (trojan.rules)

[///]     Modified active rules:     [///]

2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
2825705 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-03 1) (trojan.rules)
 

Date: Friday, April 7, 2017 - 00:00