Daily Ruleset Update Summary 2017/08/15

[***]            Summary:            [***]

7 new Open, 40 new Pro (7 + 33). UniFi Cloud Key RCE, W32.Defray Ransomware Checkin, Various Phishing, Various Mobile.

Thanks: @rmkml

[+++]          Added rules:          [+++]

Open:

2024547 - ET CURRENT_EVENTS Successful Square Phish Nov 16 2015 (current_events.rules)
2024548 - ET EXPLOIT Ubiquiti Networks UniFi Cloud Key Firm v0.6.1 Host Remote Command Execution attempt (exploit.rules)
2024549 - ET CURRENT_EVENTS Windows Scriptlet Invoking Powershell Likely Malicious (current_events.rules)
2024550 - ET CURRENT_EVENTS Likely Malicious Windows SCT Download MSXMLHTTP M1 (current_events.rules)
2024551 - ET CURRENT_EVENTS Likely Malicious Windows SCT Download MSXMLHTTP M2 (current_events.rules)
2024552 - ET CURRENT_EVENTS Likely Malicious Windows SCT Download MSXMLHTTP M3 (current_events.rules)
2024553 - ET CURRENT_EVENTS Likely Malicious Windows SCT Download MSXMLHTTP AX (current_events.rules)

Pro:

2827517 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.aa SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827518 - ETPRO TROJAN Bitcoin miner known malicious basic auth (Y3ZjemN2Y0B5YW5kZXgucnVfdjo3Nzc=) (trojan.rules)
2827519 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 1) (trojan.rules)
2827520 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 2) (trojan.rules)
2827521 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 3) (trojan.rules)
2827522 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 4) (trojan.rules)
2827523 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 5) (trojan.rules)
2827524 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 6) (trojan.rules)
2827525 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 7) (trojan.rules)
2827526 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 8) (trojan.rules)
2827527 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 9) (trojan.rules)
2827528 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 10) (trojan.rules)
2827529 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 11) (trojan.rules)
2827530 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 12) (trojan.rules)
2827531 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 13) (trojan.rules)
2827532 - ETPRO CURRENT_EVENTS EXE Downloader Domain in SNI (current_events.rules)
2827533 - ETPRO CURRENT_EVENTS Successful Facebook Help Center Update Security Information Phish Aug 15 2017 (current_events.rules)
2827534 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Aug 15 2017 (current_events.rules)
2827535 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Aug 15 2017 (current_events.rules)
2827536 - ETPRO CURRENT_EVENTS Successful Netflix (BR) M1 Phish Aug 15 2017 (current_events.rules)
2827537 - ETPRO CURRENT_EVENTS Successful Netflix (BR) M2 Phish Aug 15 2017 (current_events.rules)
2827538 - ETPRO CURRENT_EVENTS Successful Telia Sverige (SE) Phish Aug 15 2017 (current_events.rules)
2827539 - ETPRO CURRENT_EVENTS Successful Chase Phish M3 Aug 15 2017 (current_events.rules)
2827540 - ETPRO CURRENT_EVENTS Successful Facebook Mobile Phish Aug 15 2017 (current_events.rules)
2827541 - ETPRO MOBILE_MALWARE Android Unknown Trojan SMS Exfil (mobile_malware.rules)
2827542 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.fe SMS/Contact Exfil via SMTP 3 (mobile_malware.rules)
2827543 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.fe SMS/Contact Exfil via SMTP 4 (mobile_malware.rules)
2827544 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT SMS Exfil via MySQL (mobile_malware.rules)
2827545 - ETPRO TROJAN W32.Defray Ransomware Checkin (trojan.rules)
2827546 - ETPRO TROJAN W32.SpecCom Variant Checkin (trojan.rules)
2827547 - ETPRO TROJAN Win32/Nuclear CnC DNS Query (trojan.rules)
2827548 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey Contact Exfil via SMTP 4 (mobile_malware.rules)
2827549 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil via SMTP 4 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2814207 - ETPRO CURRENT_EVENTS Successful Yahoo Credential Phish Oct 02 2015 (current_events.rules)
2814550 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 23 2015 (current_events.rules)
2816347 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 22 M1 2016 (current_events.rules)
2820684 - ETPRO CURRENT_EVENTS Successful Apple Phish Jun 15 2016 (current_events.rules)
2821914 - ETPRO CURRENT_EVENTS Successful Apple Store Transaction Cancellation Phish Aug 30 2016 (current_events.rules)
2822107 - ETPRO CURRENT_EVENTS Successful Apple Phish Sept 14 2016 (current_events.rules)
2822111 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Sept 14 2016 (current_events.rules)
2822112 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Sept 14 2016 (current_events.rules)
2822113 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Sept 14 2016 (current_events.rules)
2822493 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Oct 07 2016 (current_events.rules)
2822499 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Oct 07 2016 (current_events.rules)
2822787 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish Oct 20 2016 (current_events.rules)
2823041 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 31 2016 (current_events.rules)
2823678 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eg Contacts Exfil via SMTP (mobile_malware.rules)
2823691 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M1 Dec 08 2016 (current_events.rules)
2824108 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M1 Dec 29 2016 (current_events.rules)
2824109 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M2 Dec 29 2016 (current_events.rules)
2824110 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M3 Dec 29 2016 (current_events.rules)
2824111 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M4 Dec 29 2016 (current_events.rules)
2824157 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Dec 30 2016 (current_events.rules)
2824240 - ETPRO CURRENT_EVENTS Successful Apple Phish M4 Jan 05 2017 (current_events.rules)
2824468 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish Jan 17 2017 (current_events.rules)
2824790 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Feb 06 2017 (current_events.rules)
2824791 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Feb 06 2017 (current_events.rules)
2824857 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish M1 Feb 08 2017 (current_events.rules)
2824858 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish M2 Feb 08 2017 (current_events.rules)
2825038 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish Feb 17 2017 (current_events.rules)
2825105 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish M1 Feb 23 2017 (current_events.rules)
2825106 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish M2 Feb 23 2017 (current_events.rules)
2827315 - ETPRO CURRENT_EVENTS Successful Netflix Phish Jul 26 2017 (current_events.rules)
2827414 - ETPRO MALWARE MSIL/AdWare.Dotdo PUA CnC Checkin (malware.rules)
2827442 - ETPRO EXPLOIT Microsoft JET Database Engine RCE Inbound (CVE-2017-0250) (exploit.rules)

[---]  Disabled and modified rules:  [---]

2816348 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 22 M2 (current_events.rules)
2820844 - ETPRO CURRENT_EVENTS Successful AT&T Webmail Phish Jun 23 (current_events.rules)
2820882 - ETPRO CURRENT_EVENTS Successful Avast Email Virus Phish Jun 27 (current_events.rules)
2820906 - ETPRO CURRENT_EVENTS Successful ATT Mobile Phish Jun28 (current_events.rules)
2822668 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 17 2016 (current_events.rules)
2824467 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Jan 17 2017 (current_events.rules)
2824797 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 06 2017 (current_events.rules)
2825233 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M1 Mar 03 2017 (current_events.rules)

[---]         Removed rules:         [---]

2814943 - ETPRO CURRENT_EVENTS Successful Square Phish Nov 16 (current_events.rules)

Date: Tuesday, August 15, 2017 - 00:00