Daily Ruleset Update Summary 2017/06/08

[***]            Summary:            [***]

5 new Open, 30 new Pro (5 + 25). Bingo EK, Hana, APT 19 CS Checkin, Various Phishing, Various Mobile.

Thanks: @rmkml

[+++]          Added rules:          [+++]

Open:

2024364 - ET SCAN Possible Nmap User-Agent Observed (scan.rules)
2024365 - ET CURRENT_EVENTS Tech Support Phone Scam Landing (warning.mp3) Jan 24 2017 (current_events.rules)
2024366 - ET TROJAN OpenSSH in ICMP Payload - Possible Covert Channel (trojan.rules)
2024367 - ET CURRENT_EVENTS Bingo EK Payload Download (current_events.rules)
2024368 - ET WEB_SPECIFIC_APPS OTRS Installation Dialog (after auth) attempt (web_specific_apps.rules)

Pro:

2826659 - ETPRO TROJAN APT19 Cobalt Strike Checkin (trojan.rules)
2826660 - ETPRO CURRENT_EVENTS Successful Secured Docs Phish Jun 07 2017 (current_events.rules)
2826661 - ETPRO CURRENT_EVENTS Successful Verified by Visa Phish Jun 07 2017 (current_events.rules)
2826662 - ETPRO CURRENT_EVENTS Blockchain Phishing Landing Jun 07 2017 (current_events.rules)
2826663 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 08 2017 (current_events.rules)
2826664 - ETPRO CURRENT_EVENTS Successful American Express Phish Jun 08 2017 (current_events.rules)
2826665 - ETPRO CURRENT_EVENTS Apple Phishing Landing Jun 08 2017 (current_events.rules)
2826666 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Jun 08 2017 (current_events.rules)
2826667 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Jun 08 2017 (current_events.rules)
2826668 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Jun 08 2017 (current_events.rules)
2826669 - ETPRO CURRENT_EVENTS Successful Netlix Phish Jun 08 2017 (current_events.rules)
2826670 - ETPRO CURRENT_EVENTS Successful DHL Phish Jun 08 2017 (current_events.rules)
2826671 - ETPRO CURRENT_EVENTS DHL Phishing Landing Jun 08 2017 (current_events.rules)
2826672 - ETPRO CURRENT_EVENTS Successful Adobe/Dropbox Phish Jun 08 2017 (current_events.rules)
2826673 - ETPRO CURRENT_EVENTS Successful Apple Phish Jun 08 2017 (current_events.rules)
2826674 - ETPRO TROJAN Possible Carbanak JScript CnC Beacon (trojan.rules)
2826675 - ETPRO TROJAN Hana Checkin (trojan.rules)
2826676 - ETPRO TROJAN Hana CnC Beacon (trojan.rules)
2826677 - ETPRO MOBILE_MALWARE Android BankBot Checkin 9 (mobile_malware.rules)
2826678 - ETPRO MOBILE_MALWARE Android BankBot Checkin 10 (mobile_malware.rules)
2826679 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 143 (mobile_malware.rules)
2826680 - ETPRO TROJAN MSIL/Stimilik.CO Stealer CnC Activity (trojan.rules)
2826681 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.snt CnC Beacon (mobile_malware.rules)
2826682 - ETPRO TROJAN Bunitu DNS Lookup (trojan.rules)
2826683 - ETPRO TROJAN Win32/Patpoopy CnC Beacon (trojan.rules)


[///]     Modified active rules:     [///]

2018044 - ET CURRENT_EVENTS Successful Visa Phish (current_events.rules)
2018304 - ET CURRENT_EVENTS Successful iTunes Phish (current_events.rules)
2019781 - ET CURRENT_EVENTS Successful AOL/PayPal Phish (current_events.rules)
2020803 - ET CURRENT_EVENTS Successful GoogleFile Phish (current_events.rules)
2024322 - ET TROJAN Win32/ASPC Bot CnC Checkin M1 (trojan.rules)
2821772 - ETPRO CURRENT_EVENTS Successful Blockchain Account Phish Aug 19 2016 (current_events.rules)
2826370 - ETPRO TROJAN Win32/TrojanDownloader.VB.RBO CnC Beacon (trojan.rules)

[---]  Disabled and modified rules:  [---]

2015983 - ET CURRENT_EVENTS PHISH Bank - York - Creds Phished (current_events.rules)

Date: Thursday, June 8, 2017 - 00:00