Daily Ruleset Update Summary 2017/08/18

[***]            Summary:            [***]

1 new Open, 17 new Pro (1 + 16). Formbook Stealer, Compromised Chrome Extension DNS, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024599 - ET CURRENT_EVENTS Successful Interac Phish Aug 18 2017 (current_events.rules)

Pro:

2827581 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Aug 18 2017 (current_events.rules)
2827582 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Aug 17 2017 (current_events.rules)
2827583 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup (trojan.rules)
2827584 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup (trojan.rules)
2827585 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup (trojan.rules)
2827586 - ETPRO TROJAN Possible Comprimised Chrome Extension DGA Lookup (trojan.rules)
2827587 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup (trojan.rules)
2827588 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup (trojan.rules)
2827589 - ETPRO TROJAN MSIL/Bummmblebee Backdoor CnC Checkin (trojan.rules)
2827590 - ETPRO TROJAN Win32/CoinMiner Variant CnC Checkin (trojan.rules)
2827591 - ETPRO TROJAN Win32/CoinMiner Variant CnC Communications (trojan.rules)
2827592 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 15 (mobile_malware.rules)
2827593 - ETPRO TROJAN Win32/CoinMiner Variant Requesting Update (trojan.rules)
2827594 - ETPRO TROJAN Formbook Stealer Checkin (trojan.rules)
2827595 - ETPRO TROJAN Win32/Agent.SPU Malicious SSL Certificate Detected (trojan.rules)
2827596 - ETPRO TROJAN DNS Query for known Win32/Agent.SPU CnC (trojan.rules)

[///]     Modified active rules:     [///]

2015910 - ET CURRENT_EVENTS Possible Successful AOL Phish Nov 21 2012 (current_events.rules)
2015911 - ET CURRENT_EVENTS Possible Successful Yahoo Phish Nov 21 2012 (current_events.rules)
2015912 - ET CURRENT_EVENTS Possible Successful Gmail Phish Nov 21 2012 (current_events.rules)
2015913 - ET CURRENT_EVENTS Possible Successful Hotmail Phish Nov 21 2012 (current_events.rules)
2015914 - ET CURRENT_EVENTS Possible Successful Phish - Other Credentials Nov 21 2012 (current_events.rules)
2017135 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 12 2013 (current_events.rules)
2017750 - ET CURRENT_EVENTS Possible Successful AOL Phish Nov 25 2013 (current_events.rules)
2017751 - ET CURRENT_EVENTS Possible Successful Yahoo Phish Nov 25 2013 (current_events.rules)
2017752 - ET CURRENT_EVENTS Possible Successful Gmail Phish Nov 25 2013 (current_events.rules)
2017754 - ET CURRENT_EVENTS Possible Successful Phish - Other Credentials Nov 25 2013 (current_events.rules)
2019782 - ET CURRENT_EVENTS Successful PayPal Phish Nov 24 2014 (current_events.rules)
2019783 - ET CURRENT_EVENTS Successful Paypal Phish Nov 24 2014  (current_events.rules)
2019784 - ET CURRENT_EVENTS Successful Paypal Phish Nov 24 2014 (current_events.rules)
2021323 - ET CURRENT_EVENTS Possible Successful Yahoo Phish Jun 23 2015 (current_events.rules)
2021400 - ET CURRENT_EVENTS Possible Google Drive/Dropbox Phishing Landing Jul 10 2015 (current_events.rules)
2021537 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul28 2015 (current_events.rules)
2021538 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul28 2015 (current_events.rules)
2021539 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul28 2015 (current_events.rules)
2021540 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul28 2015 (current_events.rules)
2021761 - ET CURRENT_EVENTS Possible Successful Phish - Generic Status Messages Sept 11 2015 (current_events.rules)
2806077 - ETPRO TROJAN Win32/Carberp.A Checkin 4 (trojan.rules)
2808226 - ETPRO TROJAN Trojan/Win32.Zbot Covert Channel port 53 (trojan.rules)
2811900 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Jul 10 2015 (current_events.rules)
2811903 - ETPRO CURRENT_EVENTS Possible Google Drive Phishing Landing Jul 13 2015 (current_events.rules)
2812174 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing M1 July 27 2015 (current_events.rules)
2812177 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing M2 Jul 27 2015 (current_events.rules)
2812196 - ETPRO CURRENT_EVENTS Possible Fedex Phishing Landing Jul28 2015 (current_events.rules)
2812511 - ETPRO CURRENT_EVENTS Bank of America Phishing Landing Aug 19 2015 (current_events.rules)
2812613 - ETPRO CURRENT_EVENTS Successful BBVA Compass Account Phish Aug 21 2015 (current_events.rules)
2814645 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct28 2015 (current_events.rules)
2814744 - ETPRO CURRENT_EVENTS Successful Bank of Scotland Phish M1 Nov 4 2015 (current_events.rules)
2814783 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Nov 6 2015 (current_events.rules)
2816790 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Landing Page Mar 29 2016 (current_events.rules)
2816791 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential Phish M1 Mar 29 2016 (current_events.rules)
2816792 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential Phish M2 Mar 29 2016 (current_events.rules)
2816793 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential Phish M3 Mar 29 2016 (current_events.rules)
2816794 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential Phish M4 Mar 29 2016 (current_events.rules)
2816795 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential Phish M5 Mar 29 2016 (current_events.rules)
2816905 - ETPRO CURRENT_EVENTS Bradesco Bank Phishing Landing Apr 5 2016 (current_events.rules)
2822069 - ETPRO CURRENT_EVENTS Successful Barclays Phish M1 Sept 9 2016 (current_events.rules)
2822070 - ETPRO CURRENT_EVENTS Successful Barclays Phish M2 Sept 9 2016 (current_events.rules)
2822071 - ETPRO CURRENT_EVENTS Successful Barclays Phish M3 Sept 9 2016 (current_events.rules)
2822348 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 3 2016 (current_events.rules)
2822432 - ETPRO CURRENT_EVENTS Successful Barclays Phish M1 Oct 06 2016 (current_events.rules)
2822433 - ETPRO CURRENT_EVENTS Successful Barclays Phish M2 Oct 06 2016 (current_events.rules)
2822984 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish Oct28 2016 (current_events.rules)
2823777 - ETPRO CURRENT_EVENTS Successful Banque Populaire (FR) Phish Dec 12 2016 (current_events.rules)
2823903 - ETPRO CURRENT_EVENTS Successful BB&T Bank Phish Dec 15 2016 (current_events.rules)
2824277 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish Jan 09 2017 (current_events.rules)
2825048 - ETPRO TROJAN FakeM Variant CnC Beacon (trojan.rules)
2825108 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Mobile Phish M2 Feb 23 2017 (current_events.rules)
2825109 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Mobile Phish M3 Feb 23 2017 (current_events.rules)
2825110 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Mobile Phish M4 Feb 23 2017 (current_events.rules)
2827419 - ETPRO CURRENT_EVENTS GlobeImposter Ransomware Note Counter Request (current_events.rules)
2827579 - ETPRO INFO .moe Domain in TLS SNI (info.rules)

[---]  Disabled and modified rules:  [---]

2022035 - ET CURRENT_EVENTS Google Drive (Remax) Phish Landing Nov 4 (current_events.rules)
2022036 - ET CURRENT_EVENTS Successful Google Drive (Remax) Phish Nov 4 (current_events.rules)
2812200 - ETPRO CURRENT_EVENTS Docusign Phish July 24 - Landing Page (current_events.rules)
2812612 - ETPRO CURRENT_EVENTS Successful BBVA Compass Account Phish Aug 21 (current_events.rules)
2813057 - ETPRO CURRENT_EVENTS OWA PHISH - Fake Outlook Web Access Sep 17 2015 (current_events.rules)
2814599 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 26 1 (current_events.rules)
2814600 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 26 2 (current_events.rules)
2814615 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 27 2 (current_events.rules)
2814745 - ETPRO CURRENT_EVENTS Successful Bank of Scotland Phish Nov 4 M2 (current_events.rules)
2816789 - ETPRO CURRENT_EVENTS L33bo Phishing Kit Mar 29 (current_events.rules)
2825107 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Mobile Phish M1 Feb 23 2017 (current_events.rules)

[---]         Removed rules:         [---]

2824623 - ETPRO TROJAN JS.Downloader.HLD Checkin M2 (trojan.rules)

Date: Friday, August 18, 2017 - 00:00