Daily Ruleset Update Summary 2017/07/14

[***]            Summary:            [***]

2 new Open, 11 new Pro (2 + 9). Fenrir Ransomware, OGNL Expression Injection, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024467 - ET TROJAN Observed DNS Query to Known Fenrir Ransomware CnC Domain (trojan.rules)
2024468 - ET WEB_SPECIFIC_APPS OGNL Expression Injection (CVE-2017-9791) (web_specific_apps.rules)

Pro:

2827138 - ETPRO CURRENT_EVENTS Successful Kiwibank Phish Jul 14 2017 (current_events.rules)
2827139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-14) (trojan.rules)
2827140 - ETPRO MOBILE_MALWARE Android/Monitor.OwnSpy.B CnC Beacon (mobile_malware.rules)
2827141 - ETPRO TROJAN Powershell Ransomware Onion Domain (trojan.rules)
2827142 - ETPRO TROJAN Powershell Ransomware Onion Domain (trojan.rules)
2827143 - ETPRO TROJAN Monsoon APT Fake Doc DL (trojan.rules)
2827144 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK (Known Evil Keitaro TDS) Jul 14 2017 (current_events.rules)
2827145 - ETPRO TROJAN Monsoon APT Backdoor Checkin M1 (trojan.rules)
2827146 - ETPRO TROJAN Nemesis Ransomware Onion Domain (trojan.rules)

[///]     Modified active rules:     [///]

2017753 - ET CURRENT_EVENTS Possible Successful Remax Phish - Hotmail Creds Nov 25 2013 (current_events.rules)
2021296 - ET CURRENT_EVENTS Successful Adobe Phish Jun 17 2015 (current_events.rules)
2021297 - ET CURRENT_EVENTS Successful Google Drive Phish June 17 2015 (current_events.rules)
2021298 - ET CURRENT_EVENTS Successful Dropbox Phish June 17 2015 (current_events.rules)
2021322 - ET CURRENT_EVENTS Possible Successful Remax Phish - AOL Creds Jun 23 2015 (current_events.rules)
2021324 - ET CURRENT_EVENTS Possible Successful Remax Phish - Other Creds Jun 23 2015 (current_events.rules)
2811898 - ETPRO CURRENT_EVENTS Possible Successful Phish (Google/Dropbox/Netflix) Jul 10 2015 (current_events.rules)
2812175 - ETPRO CURRENT_EVENTS Possible Successful Google Drive Phish M1 July 27 2015 (current_events.rules)
2812176 - ETPRO CURRENT_EVENTS Possible Successful Google Drive Phish M2 July 27 2015 (current_events.rules)
2812195 - ETPRO CURRENT_EVENTS Possible Successful Fedex Phish Jul28 2015 (current_events.rules)
2812280 - ETPRO CURRENT_EVENTS Possible Successful Apple Phish Jul 29 2015 (current_events.rules)
2812557 - ETPRO CURRENT_EVENTS Successful Adobe Online Account Phish Aug 20 2015 (current_events.rules)
2812796 - ETPRO CURRENT_EVENTS Successful Adobe Phish Aug28 2015 (current_events.rules)
2812828 - ETPRO CURRENT_EVENTS Successful Account Update Phish Aug 31 2015 (current_events.rules)
2814201 - ETPRO CURRENT_EVENTS Possible Successful Credential Phish Oct 1 2015 (current_events.rules)
2814211 - ETPRO CURRENT_EVENTS Successful Adobe PDF Credential Phish Oct 2 2015 (current_events.rules)
2816610 - ETPRO CURRENT_EVENTS Successful Adobe Phish Mar 10 2016 (current_events.rules)
2819809 - ETPRO CURRENT_EVENTS Redirect to Adobe Shared Document Phishing M3 Apr 15 2016 (current_events.rules)
2819995 - ETPRO CURRENT_EVENTS Successful Adobe Phish Apr 29 2016 (current_events.rules)
2820014 - ETPRO CURRENT_EVENTS Possible Successful SWF/XML Phish May 2 2016 (current_events.rules)
2821032 - ETPRO CURRENT_EVENTS Successful Adobe Phish M1 Jul 11 2016 (current_events.rules)
2821312 - ETPRO CURRENT_EVENTS Successful Adobe Phish Jul 21 2016 (current_events.rules)
2821598 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug 10 2016 (current_events.rules)
2822004 - ETPRO CURRENT_EVENTS Successful Account Update Phish Sept 6 2016 (current_events.rules)
2822121 - ETPRO CURRENT_EVENTS Successful Adobe Phish Sept 14 2016 (current_events.rules)
2822122 - ETPRO CURRENT_EVENTS Successful Personalized Phish Sept 14 2016 (current_events.rules)
2822144 - ETPRO CURRENT_EVENTS Possible Successful Phish - Generic Form Names Sept 9 2016 (current_events.rules)
2822897 - ETPRO CURRENT_EVENTS Successful ABSA Phish Oct 26 2016 (current_events.rules)
2823240 - ETPRO TROJAN EDA2 Ransomware Variants/Magic CnC Checkin (trojan.rules)
2823311 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Nov 16 2016 (current_events.rules)
2823722 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw Checkin via SMTP (mobile_malware.rules)
2824246 - ETPRO CURRENT_EVENTS Phishing Landing Checking Browser/OS/Platform Jan 05 2017 (current_events.rules)
2824559 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish Jan 20 2017 (current_events.rules)
2824855 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish M2 Feb 08 2017 (current_events.rules)
2827128 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 5 (mobile_malware.rules)

[---]  Disabled and modified rules:  [---]

2821237 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Jul 20 2016 (current_events.rules)

[---]         Disabled rules:        [---]

2812187 - ETPRO CURRENT_EVENTS Possible Successful BofA PHISH July 27 M3 (current_events.rules)
2812350 - ETPRO CURRENT_EVENTS Possible Successful Linkedin Phish Aug 11 (current_events.rules)
2815171 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Dec 2 (current_events.rules)
2816602 - ETPRO CURRENT_EVENTS Successful Adobe Phishing March 8 (current_events.rules)
2821033 - ETPRO CURRENT_EVENTS Successful Adobe Phish Jul 11 M2 (current_events.rules)
2821166 - ETPRO CURRENT_EVENTS Successful Adobe Document Phish Jul 15 (current_events.rules)
2821961 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug 31 2016 (current_events.rules)
2822369 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Oct 04 2016 (current_events.rules)
2822572 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish Oct 11 2016 (current_events.rules)

Date: Friday, July 14, 2017 - 00:00