Daily Ruleset Update Summary 2017/09/28

[***]            Summary:            [***]

1 new Open, 14 new Pro (1 + 13). TR/Spy.Banker.agdtw, IP Checks, Various Phishing, Mobile.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2024780 - ET TROJAN [PTsecurity] TR/Spy.Banker.agdtw Checkin (trojan.rules)

Pro:

2828080 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Sep 28 2017 (current_events.rules)
2828081 - ETPRO CURRENT_EVENTS Successful Personalized Adobe Shared PDF Phish Sep 28 2017 (current_events.rules)
2828082 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 28 2017 (current_events.rules)
2828083 - ETPRO CURRENT_EVENTS Possible Successful Chase Phish Sept 28 2017 (current_events.rules)
2828084 - ETPRO CURRENT_EVENTS Successful Generic Phish (set) Sep 28 2017 (current_events.rules)
2828085 - ETPRO CURRENT_EVENTS Successful Netflix Phish (BR) Sep 28 2017 (current_events.rules)
2828086 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 26 (mobile_malware.rules)
2828087 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 22 (mobile_malware.rules)
2828088 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 27 (mobile_malware.rules)
2828089 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 28 (mobile_malware.rules)
2828090 - ETPRO POLICY IP Check ip.anysrc.net DNS Lookup (policy.rules)
2828091 - ETPRO POLICY IP Check whatsmyip.website DNS Lookup (policy.rules)
2828092 - ETPRO MALWARE Win32/Auslogics PUA Check-in Attempt (malware.rules)

[///]     Modified active rules:     [///]

2022217 - ET CURRENT_EVENTS Successful Google Drive Phish Dec 4 2015 M1 (current_events.rules)
2024436 - ET TROJAN Formbook 0.3 Checkin (trojan.rules)
2809235 - ETPRO TROJAN Blaknight.A/HawkEye Connectivity Check (trojan.rules)
2812468 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug 14 2015 (current_events.rules)
2812469 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug 14 2015 (current_events.rules)
2812686 - ETPRO CURRENT_EVENTS Successful Wells Fargo/CIBC Bank Phish Aug 25 2015 M1 (current_events.rules)
2812687 - ETPRO CURRENT_EVENTS Successful Carribean International Bank Account Phish Aug 25 2015 (current_events.rules)
2814714 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 3 2015 M1 (current_events.rules)
2814715 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 3 2015 M2 (current_events.rules)
2814780 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Nov 6 2015 M1 (current_events.rules)
2814781 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Nov 6 2015 M2 (current_events.rules)
2814782 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Nov 6 2015 M3 (current_events.rules)
2815437 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 21 2015 M1 (current_events.rules)
2815438 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 21 2015 M2 (current_events.rules)
2816733 - ETPRO CURRENT_EVENTS Successful Phish to Compromised Wordpress Site Mar 23 2016 (current_events.rules)
2820683 - ETPRO CURRENT_EVENTS Successful Chase Phish Jun 15 2016 (current_events.rules)
2821170 - ETPRO CURRENT_EVENTS Successful Centurylink Account Phish Jul 15 2016 (current_events.rules)
2821852 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M2 Aug 25 2016 (current_events.rules)
2821916 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug 30 2016 (current_events.rules)
2822315 - ETPRO CURRENT_EVENTS Successful Bradesco Bank Phish M1 Sept 29 2016 (current_events.rules)
2822316 - ETPRO CURRENT_EVENTS Possible Successful Banking Phish (BR) Sept 28 2017 (current_events.rules)
2822593 - ETPRO CURRENT_EVENTS Successful CenturyLink Phish Oct 12 2016 (current_events.rules)
2822669 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Oct 17 2016 (current_events.rules)
2822670 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Oct 17 2016 (current_events.rules)
2823670 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 07 2016 M2 (current_events.rules)
2823741 - ETPRO CURRENT_EVENTS Successful CapitalOne Phish Dec 09 2016 (current_events.rules)
2823932 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 16 2016 (current_events.rules)
2825057 - ETPRO CURRENT_EVENTS Successful Capital One Phish Feb 21 2017 (current_events.rules)
2826708 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk SMS Exfil via SMTP (mobile_malware.rules)
2826980 - ETPRO TROJAN Win32/Filecoder.AB POST with System Info (trojan.rules)
2828049 - ETPRO CURRENT_EVENTS Malicious Domain in SNI Observed - Possible Browser Coin Mining (current_events.rules)

[---]  Disabled and modified rules:  [---]

2024766 - ET EXPLOIT [PTsecurity] DoublePulsar Backdoor installation communication (exploit.rules)
2812906 - ETPRO CURRENT_EVENTS Successful BofA Phish Sept 4 M4 (current_events.rules)
2816420 - ETPRO CURRENT_EVENTS Successful Chase Phish Feb 26 (current_events.rules)
2816599 - ETPRO CURRENT_EVENTS Successful Canada Tax Phish Mar 9 (current_events.rules)
2822318 - ETPRO CURRENT_EVENTS Successful Bradesco Bank Phish M4 Sept 29 2016 (current_events.rules)
2822497 - ETPRO CURRENT_EVENTS Successful BT Phish Oct 07 2016 (current_events.rules)
2822851 - ETPRO CURRENT_EVENTS Successful Bradesco Bank Phish Oct 25 2016 (current_events.rules)
2822943 - ETPRO CURRENT_EVENTS Successful CapitalOne Phish M1 Oct 27 2016 (current_events.rules)
2822944 - ETPRO CURRENT_EVENTS Successful CapitalOne Phish M2 Oct 27 2016 (current_events.rules)
2823669 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Dec 07 2016 (current_events.rules)
2824097 - ETPRO CURRENT_EVENTS Successful Capital One Phish Dec 27 2016 (current_events.rules)

[---]         Removed rules:         [---]

2002802 - ET EXPLOIT Windows Media Player parsing BMP file with 0 size offset to start of image (exploit.rules)

Date: Thursday, September 28, 2017 - 00:00