Daily Ruleset Update Summary 2017/07/13

[***]            Summary:            [***]

5 new Open, 21 new Pro (5 + 16). Striked Ransomware, LockPOS SSL, APT28 Uploader DNS, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024462 - ET CURRENT_EVENTS Successful Netflix Payment Phish M1 Jan 04 2017 (current_events.rules)
2024463 - ET CURRENT_EVENTS Successful Generic 107 Phish Jul 13 2017 (current_events.rules)
2024464 - ET CURRENT_EVENTS DNS Query to Generic 107 Phishing Domain (current_events.rules)
2024465 - ET TROJAN Win32/Striked Ransomware CnC Checkin (trojan.rules)
2024466 - ET TROJAN Win32/Striked Ransomware CnC Checkin (trojan.rules)

Pro:

2827122 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 176 (mobile_malware.rules)
2827123 - ETPRO TROJAN TrumpIsDaddy CN Stresser C2 M1 (trojan.rules)
2827124 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2827125 - ETPRO TROJAN LockPOS SSL Cert Jul 13 2017 (trojan.rules)
2827126 - ETPRO TROJAN LockPOS SSL Cert Jul 13 2017 (trojan.rules)
2827127 - ETPRO TROJAN vjw0rm Exfiltration via User-Agent Header (trojan.rules)
2827128 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 5 (mobile_malware.rules)
2827129 - ETPRO TROJAN Unknown CnC Beacon (trojan.rules)
2827130 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 7 (mobile_malware.rules)
2827131 - ETPRO TROJAN AgentTesla Downloader Malicious Domain in SNI Observed (trojan.rules)
2827132 - ETPRO TROJAN MSIL/SkyNet CnC Activity (trojan.rules)
2827133 - ETPRO POLICY Observed DNS Request to iplogger.com for External IP Address Lookup (policy.rules)
2827134 - ETPRO CURRENT_EVENTS SunDown-P EK Secondary Landing M1 (current_events.rules)
2827135 - ETPRO CURRENT_EVENTS SunDown-P EK Exploit CVE-2016-1899 (current_events.rules)
2827136 - ETPRO CURRENT_EVENTS SunDown-P EK Exploit CVE-2014-6332 (current_events.rules)
2827137 - ETPRO CURRENT_EVENTS SunDown-P Exploit CVE-2015-0016 (current_events.rules)

[///]     Modified active rules:     [///]

2017753 - ET CURRENT_EVENTS Possible Successful Remax Phish - Hotmail Creds (current_events.rules)
2021322 - ET CURRENT_EVENTS Possible Successful Remax Phish - AOL Creds (current_events.rules)
2021324 - ET CURRENT_EVENTS Possible Successful Remax Phish - Other Creds (current_events.rules)
2021890 - ET CURRENT_EVENTS Successful Phish Outlook Credentials Oct 1 (current_events.rules)
2022967 - ET CURRENT_EVENTS Successful Google Drive/Dropbox Phish Nov 20 (current_events.rules)
2022978 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish Jul 21 M1 (current_events.rules)
2022979 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish Jul 21 M2 (current_events.rules)
2023042 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish Aug 9 M1 (current_events.rules)
2023043 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish Aug 9 M2 (current_events.rules)
2023061 - ET CURRENT_EVENTS Successful Excel Phish Aug 15 2016 (current_events.rules)
2023063 - ET CURRENT_EVENTS Successful Credit Agricole Phish Aug 15 2016 M1 (current_events.rules)
2023064 - ET CURRENT_EVENTS Successful Credit Agricole Phish Aug 15 2016 M2 (current_events.rules)
2023488 - ET CURRENT_EVENTS Successful Tesco Bank Phish M2 Nov 08 2016 (current_events.rules)
2023698 - ET CURRENT_EVENTS Successful National Bank Phish Jan 05 2017 (current_events.rules)
2023758 - ET CURRENT_EVENTS Successful Apple iCloud Phish Jan 23 2017 (current_events.rules)
2023770 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish Jan 30 2017 (current_events.rules)
2023771 - ET CURRENT_EVENTS Successful Wells Fargo Phish Jan 30 2017 (current_events.rules)
2023888 - ET CURRENT_EVENTS Successful Apple Phish Feb 09 2017 (current_events.rules)
2024456 - ET TROJAN Possible Winnti-related DNS Lookup (vps2java .securitytactics .com) (trojan.rules)
2024457 - ET TROJAN Possible Winnti-related DNS Lookup (job .yoyakuweb .technology) (trojan.rules)
2024459 - ET TROJAN Possible Winnti-related DNS Lookup (macos .exoticlol .com) (trojan.rules)
2024461 - ET TROJAN LockPOS CnC (trojan.rules)
2815162 - ETPRO CURRENT_EVENTS Comerica Bank Phishing Posting Creds 2 Dec 01 (current_events.rules)
2815310 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Dec 10 M1 (current_events.rules)
2823240 - ETPRO TROJAN EDA2 Ransomware Variants/Magic CnC Checkin (trojan.rules)
2827113 - ETPRO TROJAN Observed DNS Query to Ovidiy Stealer CnC Domain (trojan.rules)

[---]         Disabled rules:        [---]

2023072 - ET CURRENT_EVENTS Successful Netflix Phish Aug 17 2016 (current_events.rules)
2023180 - ET CURRENT_EVENTS DNS Query to Ebay Phishing Domain (current_events.rules)
2023181 - ET CURRENT_EVENTS Successful Ebay Phish Sept 8 2016 (current_events.rules)
2819660 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 11 M1 (current_events.rules)
2819661 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 11 M2 (current_events.rules)
2819704 - ETPRO CURRENT_EVENTS Successful American Express Phish Apr 13 (current_events.rules)

[---]         Removed rules:         [---]

2824213 - ETPRO CURRENT_EVENTS Successful Netflix Payment Phish M1 Jan 04 2017 (current_events.rules)

Date: Thursday, July 13, 2017 - 00:00