Daily Ruleset Update Summary 2017/10/02

[***]            Summary:            [***]

6 new Open, 17 new Pro (6 + 11). Black Stealer, MSIL/AnimusBot, Various Phishing, Mobile.

Thanks: @AttackDetection, @NCCGroupInfosec

[+++]          Added rules:          [+++]

Open:

2024786 - ET POLICY Request for Coinhive Browser Monero Miner M2 (policy.rules)
2024788 - ET POLICY Request for Jsecoin Browser Miner M2 (policy.rules)
2024789 - ET POLICY DNS request for Monero mining pool (policy.rules)
2024790 - ET TROJAN [PTsecurity] Black Stealer Exfil System Info (trojan.rules)
2024791 - ET TROJAN [PTsecurity] Black Stealer Exfil FTP STOR (trojan.rules)
2024792 - ET POLICY Cryptocurrency Miner Checkin (policy.rules)

Pro:

2828109 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.GL SMS Exfil (mobile_malware.rules)
2828110 - ETPRO MOBILE_MALWARE Android Unknown Trojan CnC Beacon (mobile_malware.rules)
2828111 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin (mobile_malware.rules)
2828112 - ETPRO TROJAN MSIL/AnimusBot CnC Checkin (trojan.rules)
2828113 - ETPRO MOBILE_MALWARE Android/Spy.Banker.HL Checkin (mobile_malware.rules)
2828114 - ETPRO TROJAN MSIL/MLSN Bot CnC Checkin (trojan.rules)
2828115 - ETPRO TROJAN MSIL/Injector.BSL CnC Activity (Start) (trojan.rules) 
2828116 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Phish M1 Oct 02 2017 (current_events.rules)
2828117 - ETPRO TROJAN ZBot.BW/Injector.KA CnC Activity (trojan.rules)
2828118 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Phish M2 Oct 02 2017 (current_events.rules)
2828119 - ETPRO CURRENT_EVENTS Successful Facebook Phish Oct 02 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2013739 - ET TROJAN Zeus P2P CnC (trojan.rules)
2022497 - ET CURRENT_EVENTS Successful Apple Phish M1 Feb 06 2016 (current_events.rules)
2022992 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M2 Jul 29 2016 (current_events.rules)
2024779 - ET CURRENT_EVENTS DNS Query For Browser Cryptocurrency Mining Domain (current_events.rules)
2812824 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Aug 31 2015 (current_events.rules)
2814127 - ETPRO CURRENT_EVENTS Successful Shipping Document Phish Sept 28 2015 (current_events.rules) 
2814152 - ETPRO CURRENT_EVENTS Successful Adobe Online Phish Sept 29 2015 (current_events.rules)
2814916 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Nov 13 2015 (current_events.rules)
2814967 - ETPRO CURRENT_EVENTS Apple Account Phishing Landing Nov 17 2015 (current_events.rules)
2815660 - ETPRO CURRENT_EVENTS Suspicious Wordpress Redirect - Possible Phishing Landing Jan 7 2016 (current_events.rules)
2816019 - ETPRO CURRENT_EVENTS Successful UK Tax Phishing M1 Feb 01 2016 (current_events.rules)
2816020 - ETPRO CURRENT_EVENTS Successful UK Tax Phishing M2 Feb 01 2016 (current_events.rules)
2816172 - ETPRO CURRENT_EVENTS Possible Phishing Redirect Feb 09 2016 (current_events.rules)
2816313 - ETPRO CURRENT_EVENTS Chalbhai Phishing Landing Feb 18 2016 (current_events.rules) 
2816451 - ETPRO CURRENT_EVENTS Successful Apple Phishing M1 Mar 1 2016 (current_events.rules)
2816452 - ETPRO CURRENT_EVENTS Successful Apple Phishing M2 Mar 1 2016 (current_events.rules)
2820237 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 16 2016 (current_events.rules)
2820350 - ETPRO CURRENT_EVENTS Suspicious Redirect - Possible Phishing May 25 2016 (current_events.rules)
2820351 - ETPRO CURRENT_EVENTS Phishing Fake Mailbox Quota Increase Messages May 25 2016 (current_events.rules)
2820831 - ETPRO CURRENT_EVENTS Successful Webmail Phish M1 Jun 22 2016 (current_events.rules)
2820833 - ETPRO CURRENT_EVENTS Successful Webmail Phish M2 Jun 22 2016 (current_events.rules)
2820834 - ETPRO CURRENT_EVENTS Successful Webmail Phish M3 Jun 22 2016 (current_events.rules)
2821137 - ETPRO CURRENT_EVENTS Successful Outlook Phish Jul 14 2016 (current_events.rules)
2821163 - ETPRO CURRENT_EVENTS Successful Docusign/O365 Phish Jul 15 2016 (current_events.rules)
2821336 - ETPRO CURRENT_EVENTS Successful Personalized Email Phish Jul 22 2016 (current_events.rules)
2821569 - ETPRO TROJAN Locky CnC checkin Aug 03 2016 M2 (trojan.rules)
2822080 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phishing Sept 12 2016 (current_events.rules)
2828107 - ETPRO TROJAN DDoS.Win32/Nitol.B Checkin 5 (trojan.rules)

[///]    Modified inactive rules:    [///]

2024696 - ET TROJAN [PTsecurity] pkt checker 2 (trojan.rules)

Date: Monday, October 2, 2017 - 00:00