Daily Ruleset Update Summary 2017/08/17

[***]            Summary:            [***]

13 new Open, 28 new Pro (13 + 15). ShadowPad CnC DNS, Win32/Urelas.BC, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024586 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish M1 Aug 17 2017 (current_events.rules)
2024587 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish M2 Aug 17 2017 (current_events.rules)
2024588 - ET TROJAN DNS Query for known ShadowPad CnC 1 (trojan.rules)
2024589 - ET TROJAN DNS Query for known ShadowPad CnC 2 (trojan.rules)
2024590 - ET TROJAN DNS Query for known ShadowPad CnC 3 (trojan.rules)
2024591 - ET TROJAN DNS Query for known ShadowPad CnC 4 (trojan.rules)
2024592 - ET TROJAN DNS Query for known ShadowPad CnC 5 (trojan.rules)
2024593 - ET TROJAN DNS Query for known ShadowPad CnC 6 (trojan.rules)
2024594 - ET TROJAN DNS Query for known ShadowPad CnC 7 (trojan.rules)
2024595 - ET TROJAN DNS Query for known ShadowPad CnC 8 (trojan.rules)
2024596 - ET TROJAN DNS Query for known ShadowPad CnC 9 (trojan.rules)
2024597 - ET TROJAN DNS Query for known ShadowPad CnC 10 (trojan.rules)
2024598 - ET TROJAN DNS Query for known ShadowPad CnC 11 (trojan.rules)

Pro:

2827564 - ETPRO TROJAN Ransomware Locky .onion Payment Domain (g46mbrrzpfszonuk) (trojan.rules)
2827565 - ETPRO TROJAN Win32/LockCrypt Ransomware CnC Checkin (trojan.rules)
2827566 - ETPRO CURRENT_EVENTS Successful Yapikredi Bank (TR) Phish M1 Aug 17 2017 (current_events.rules)
2827567 - ETPRO CURRENT_EVENTS Successful Yapikredi Bank (TR) Phish M2 Aug 17 2017 (current_events.rules)
2827568 - ETPRO CURRENT_EVENTS Successful Citibank Phish M1 Aug 17 2017 (current_events.rules)
2827569 - ETPRO CURRENT_EVENTS Successful Citibank Phish M2 Aug 17 2017 (current_events.rules)
2827570 - ETPRO CURRENT_EVENTS Successful Diamond Bank Phish M1 Aug 17 2017 (current_events.rules)
2827571 - ETPRO CURRENT_EVENTS Successful Diamond Bank Phish M2 Aug 17 2017 (current_events.rules)
2827572 - ETPRO CURRENT_EVENTS Successful Generic .EDU Phish Aug 17 2017 (current_events.rules)
2827573 - ETPRO TROJAN Win32/Urelas.BC CnC Beacon (trojan.rules)
2827576 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 13 (mobile_malware.rules)
2827577 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 14 (mobile_malware.rules)
2827578 - ETPRO TROJAN Likely Dropper Doc GET to .moe TLD (trojan.rules)
2827579 - ETPRO INFO .moe Domain in TLS SNI (info.rules)
2827580 - ETPRO TROJAN W32/Emotet.v4 Checkin 2 (trojan.rules)

[///]     Modified active rules:     [///]

2015907 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish (current_events.rules)
2015908 - ET CURRENT_EVENTS Successful Generic PII Phish (current_events.rules)
2015952 - ET CURRENT_EVENTS Possible Successful Generic SSN Phish (current_events.rules)
2019613 - ET POLICY Office Document Download Containing AutoOpen Macro (policy.rules)
2021977 - ET TROJAN NetWire / Ozone / Darktrack Alien RAT - Server Hello (trojan.rules)
2814199 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 1 2015 (current_events.rules)
2815050 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Nov 20 2015 (current_events.rules)
2821424 - ETPRO TROJAN Win32/Daserf CnC Beacon 1 (trojan.rules)
2822812 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 21 2016 (current_events.rules)
2822946 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 26 2016 (current_events.rules)
2822947 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M3 Oct 26 2016 (current_events.rules)
2822948 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M4 Oct 26 2016 (current_events.rules)
2822984 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish Oct 28 2016 (current_events.rules)
2823439 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Nov 22 2016 (current_events.rules)
2824236 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Jan 05 2017 (current_events.rules)
2827557 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP 3 (mobile_malware.rules)

[---]  Disabled and modified rules:  [---]

2821919 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M3 Aug 30 2016 (current_events.rules)

Date: Thursday, August 17, 2017 - 00:00