Daily Ruleset Update Summary 2017/08/21

[***] Summary: [***]

1 new Open signature, 10 new Pro (1 + 9). PowerShell/TrojanDownloader, Koadic Loader, VARIOUS PHISHING.

[+++]          Added rules:          [+++]

Open:

2024600 - ET CURRENT_EVENTS Possible Maldoc Downloader Aug 18 2017 (current_events.rules)

Pro:

2827597 - ETPRO CURRENT_EVENTS Successful Generic Phish (set) Aug 21 2017 (current_events.rules)
2827598 - ETPRO CURRENT_EVENTS Successful Bittrex Exchange Phish Aug 21 2017 (current_events.rules)
2827599 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AP SaveResult (trojan.rules)
2827600 - ETPRO TROJAN Koadic Loader HTA Downloaded (trojan.rules)
2827601 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert 2017-08-21 (MalDoc DL) (current_events.rules)
2827602 - ETPRO TROJAN StressHub DDoS Bot CnC Checkin (trojan.rules)
2827603 - ETPRO CURRENT_EVENTS Successful KeyBank Phish Aug 21 2017 (current_events.rules)
2827604 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Sivu.h Checkin (mobile_malware.rules)
2827605 - ETPRO TROJAN Win32/Unk.CoinMiner CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2014225 - ET TROJAN LURK Trojan Communication Protocol detected (trojan.rules)
2015910 - ET CURRENT_EVENTS Possible Successful AOL Phish Nov 21 2012 (current_events.rules)
2015911 - ET CURRENT_EVENTS Possible Successful Yahoo Phish Nov 21 2012 (current_events.rules)
2015912 - ET CURRENT_EVENTS Possible Successful Gmail Phish Nov 21 2012 (current_events.rules)
2015913 - ET CURRENT_EVENTS Possible Successful Hotmail Phish Nov 21 2012 (current_events.rules)
2015914 - ET CURRENT_EVENTS Possible Successful Phish - Other Credentials Nov 21 2012 (current_events.rules)
2017135 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 12 2013 (current_events.rules)
2017750 - ET CURRENT_EVENTS Possible Successful AOL Phish Nov 25 2013 (current_events.rules)
2017751 - ET CURRENT_EVENTS Possible Successful Yahoo Phish Nov 25 2013 (current_events.rules)
2017752 - ET CURRENT_EVENTS Possible Successful Gmail Phish Nov 25 2013 (current_events.rules)
2017754 - ET CURRENT_EVENTS Possible Successful Phish - Other Credentials Nov 25 2013 (current_events.rules)
2019782 - ET CURRENT_EVENTS Successful PayPal Phish Nov 24 2014 (current_events.rules)
2019783 - ET CURRENT_EVENTS Successful Paypal Phish Nov 24 2014 (current_events.rules)
2019784 - ET CURRENT_EVENTS Successful Paypal Phish Nov 24 2014 (current_events.rules)
2021323 - ET CURRENT_EVENTS Possible Successful Yahoo Phish Jun 23 2015 (current_events.rules)
2021400 - ET CURRENT_EVENTS Possible Google Drive/Dropbox Phishing Landing Jul 10 2015 (current_events.rules)
2021537 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015 (current_events.rules)
2021538 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015 (current_events.rules)
2021539 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015 (current_events.rules)
2021540 - ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015 (current_events.rules)
2021761 - ET CURRENT_EVENTS Possible Successful Phish - Generic Status Messages Sept 11 2015 (current_events.rules)
2024543 - ET TROJAN Observed DNS Query to Gryphon CnC Domain / GlobeImposter Payment Domain (trojan.rules)
2811900 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Jul 10 2015 (current_events.rules)
2811903 - ETPRO CURRENT_EVENTS Possible Google Drive Phishing Landing Jul 13 2015 (current_events.rules)
2812174 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing M1 July 27 2015 (current_events.rules)
2812177 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing M2 July 27 2015 (current_events.rules)
2812196 - ETPRO CURRENT_EVENTS Possible Fedex Phishing Landing July 28 2015 (current_events.rules)
2812511 - ETPRO CURRENT_EVENTS Bank of America Phishing Landing Aug 19 2015 (current_events.rules)
2812905 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M3 Sept 4 2015 (current_events.rules)
2814282 - ETPRO CURRENT_EVENTS Successful Blackboard Account Phish Oct 8 2015 (current_events.rules)
2816790 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Landing Page Mar 29 2016 (current_events.rules)
2816791 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential Phish M1 Mar 29 2016 (current_events.rules)
2816792 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential Phish M2 Mar 29 2016 (current_events.rules)
2816793 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential Phish M3 Mar 29 2016 (current_events.rules)
2816794 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential Phish M4 Mar 29 2016 (current_events.rules)
2816795 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential Phish M5 Mar 29 2016 (current_events.rules)
2816905 - ETPRO CURRENT_EVENTS Bradesco Bank Phishing Landing Apr 5 2016 (current_events.rules)
2821799 - ETPRO CURRENT_EVENTS Successful Blocked Email Account Phish M1 Aug 23 2016 (current_events.rules)
2824382 - ETPRO CURRENT_EVENTS Successful Blockchain.info Phish Jan 11 2017 (current_events.rules)
2825185 - ETPRO CURRENT_EVENTS Successful My ADP Phish Mar 01 2017 (current_events.rules)
2826297 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AP GetCommand (trojan.rules)
2827583 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup (trojan.rules)
2827584 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup (trojan.rules)
2827585 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup (trojan.rules)
2827587 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup (trojan.rules)
2827588 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup (trojan.rules)

[---]  Disabled and modified rules:  [---]

2812904 - ETPRO CURRENT_EVENTS Successful BofA Phish Sept 4 M2 (current_events.rules)
2820668 - ETPRO CURRENT_EVENTS Successful BNP Paribas Bank Phish Jun 15 (current_events.rules)
2821790 - ETPRO CURRENT_EVENTS Successful BMO Phish M1 Aug 22 2016 (current_events.rules)
2821791 - ETPRO CURRENT_EVENTS Successful BMO Phish M2 Aug 22 2016 (current_events.rules)
2823513 - ETPRO CURRENT_EVENTS Successful Blackboard Phish Nov 23 2016 (current_events.rules)
2825037 - ETPRO CURRENT_EVENTS Successful BNP Paribas (FR) Phish Feb 17 2017 (current_events.rules)
2825104 - ETPRO CURRENT_EVENTS Successful BNP Paribas (FR) Phish Feb 23 2017 (current_events.rules)
2825146 - ETPRO CURRENT_EVENTS Successful BMO Phish M3 Feb 27 2017 (current_events.rules)

Date: Monday, August 21, 2017 - 00:00