Daily Ruleset Update Summary 2017/09/15

[***]            Summary:            [***]

1 new Open, 16 new Pro (1 + 15). MSIL/Kedi.RAT, Possible CVE-2017-8759 Soap File DL, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2024706 - ET CURRENT_EVENTS Possible CVE-2017-8759 Soap File DL (current_events.rules)

Pro:

2827959 - ETPRO CURRENT_EVENTS Possible Successful Websocket Credential Phish Sep 15 2017 (current_events.rules)
2827960 - ETPRO CURRENT_EVENTS Successful Vodafone Phish Sep 15 2017 (current_events.rules)
2827961 - ETPRO TROJAN MSIL/Kedi.RAT Communicating to CnC via DNS (trojan.rules)
2827962 - ETPRO TROJAN Malicious Domain in SNI (Backconnect RAT PWStealer Module DL) (trojan.rules)
2827963 - ETPRO TROJAN MSIL/Backconnect RAT CnC info Command Reply (trojan.rules)
2827964 - ETPRO TROJAN MSIL/Backconnect RAT CnC info Command Reply 2 (trojan.rules)
2827965 - ETPRO TROJAN MSIL/Backconnect RAT CnC Plg Command Reply (trojan.rules)
2827966 - ETPRO TROJAN MSIL/Backconnect RAT CnC PW Command (trojan.rules)
2827967 - ETPRO TROJAN SFG/Furtim Client Information POST 2 (trojan.rules)
2827968 - ETPRO CURRENT_EVENTS Successful Sparkasse Bank Phish Sep 15 2017 (current_events.rules)
2827969 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Sep 15 2017 (current_events.rules)
2827970 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Sep 15 2017 (current_events.rules)
2827971 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Sep 15 2017 (current_events.rules)
2827972 - ETPRO CURRENT_EVENTS Successful Ebay Phish Sep 15 2017 (current_events.rules)
2827973 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Sep 15 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2010066 - ET POLICY Data POST to an image file (gif) (policy.rules)
2017836 - ET TROJAN Possible Zbot Activity Common Download Struct (trojan.rules)
2024270 - ET TROJAN Kazuar CnC Beacon (trojan.rules)
2024271 - ET TROJAN Turla Snake OSX DNS Lookup (car-service .effers.com) (trojan.rules)
2814679 - ETPRO TROJAN AbaddonPOS Exfiltrating CC Numbers 3 (trojan.rules)
2826775 - ETPRO TROJAN Win32/OmgTick CnC Beacon (trojan.rules)
2826900 - ETPRO TROJAN Nomri (Cmstar related) SSL Cert (trojan.rules)
2827107 - ETPRO TROJAN Cmstar/Meciv related Stage2 SSL Cert (trojan.rules)
2827921 - ETPRO TROJAN Salsa Ransomware Checkin (trojan.rules)

[---]         Removed rules:         [---]

2827910 - ETPRO TROJAN Unknown MSIL/Spy.Agent Checkin (trojan.rules)

Date: Friday, September 15, 2017 - 00:00