Daily Ruleset Update Summary 2017/10/03

[***]            Summary:            [***]

2 new Open, 31 new Pro (2 + 29). DeathBot.Java, Various Scada, Various Mobile, Various Phishing.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2024793 - ET MALWARE [PTsecurity] DeathBot.Java (Minecraft Spambot) (malware.rules)
2024794 - ET MALWARE Java.Deathbot Requesting Proxies (malware.rules)

Pro:

2801004 - ETPRO SCADA_SPECIAL CONTROL MICROSYSTEMS (Event 31) Reboot or Restart (scada_special.rules)
2801005 - ETPRO SCADA_SPECIAL CONTROL MICROSYSTEMS (Event 31) Reboot or Restart (scada_special.rules)
2801094 - ETPRO SCADA_SPECIAL PROSOFT (Event 20) Function Not Available Error (scada_special.rules)
2801095 - ETPRO SCADA_SPECIAL PROSOFT (Event 21) Point Not Available (scada_special.rules)
2801169 - ETPRO SCADA_SPECIAL SCHWEITZER (Event 33)Date Change Attempt (scada_special.rules)
2801171 - ETPRO SCADA_SPECIAL SCHWEITZER (Event 24) View Device Status (scada_special.rules)
2828120 - ETPRO TROJAN MSIL/ClipBanker.DH CnC Checkin (trojan.rules)
2828121 - ETPRO TROJAN MSIL/Unk.Agent.AES CnC Checkin (trojan.rules)
2828122 - ETPRO CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M3 (current_events.rules)
2828123 - ETPRO CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M4 (current_events.rules)
2828124 - ETPRO TROJAN Observed Ovidiy/Reborn Stealer in SNI via SSL (trojan.rules)
2828125 - ETPRO TROJAN Observed Ovidiy/Reborn Stealer in SNI via SSL (trojan.rules)
2828126 - ETPRO CURRENT_EVENTS Microsoft Office 365 Phishing Landing Oct 3 2017 (current_events.rules)
2828127 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 03 2017 (current_events.rules)
2828128 - ETPRO TROJAN MSIL/Unk.Stealer Exfil via FTP M2 (trojan.rules)
2828129 - ETPRO CURRENT_EVENTS Banque et Assurance Phishing Landing Oct 3 2017 (current_events.rules)
2828130 - ETPRO CURRENT_EVENTS Successful Banque et Assurance Phish Oct 3 2017 (current_events.rules)
2828131 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 224 (mobile_malware.rules)
2828132 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 225 (mobile_malware.rules)
2828133 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 226 (mobile_malware.rules)
2828134 - ETPRO TROJAN MSIL/Generik.LVSOCW (Keylogger) CnC Checkin (trojan.rules)
2828135 - ETPRO MALWARE Win32/DriverAgentPlus PUA CnC Check-in (malware.rules)
2828136 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 227 (mobile_malware.rules)
2828137 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 228 (mobile_malware.rules)
2828138 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 229 (mobile_malware.rules)
2828139 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 230 (mobile_malware.rules)
2828140 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 231 (mobile_malware.rules)
2828141 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 232 (mobile_malware.rules)
2828142 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 233 (mobile_malware.rules)

[+++]  Enabled and modified rules:   [+++]

2827580 - ETPRO TROJAN W32/Emotet.v4 Checkin 2 (trojan.rules)

[///]     Modified active rules:     [///]

2825611 - ETPRO CURRENT_EVENTS Adobe Online Document Phishing Landing M1 Mar 25 2017 (current_events.rules)
2825632 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Mar 27 2017 (current_events.rules)
2826114 - ETPRO CURRENT_EVENTS Successful Netflix Payment Information Phish Apr 26 2017 (current_events.rules)
2827264 - ETPRO TROJAN MSIL/Unk.Stealer CnC Checkin (trojan.rules)
2827962 - ETPRO TROJAN Malicious Domain in SNI (Backconnet RAT PWStealer Module DL) (trojan.rules)
2827963 - ETPRO TROJAN MSIL/Backconnet RAT CnC info Command Reply (trojan.rules)
2827964 - ETPRO TROJAN MSIL/Backconnet RAT CnC info Command Reply 2 (trojan.rules)
2827965 - ETPRO TROJAN MSIL/Backconnet RAT CnC Plg Command Reply (trojan.rules)
2827966 - ETPRO TROJAN MSIL/Backconnet RAT CnC PW Command (trojan.rules)

Date: Tuesday, October 3, 2017 - 00:00