Daily Ruleset Update Summary 2017/10/04

[***]            Summary:            [***]

8 new Open, 18 new Pro (8 + 10). Xwdoor, Banker.Win32.Capper/Tepoyx.A, Various Mobile, Various Phishing.

Thanks: @hak5kerby

[+++]          Added rules:          [+++]

Open:

2024795 - ET CURRENT_EVENTS Possible Scotiabank Phishing Landing - Title over non SSL (current_events.rules)
2024796 - ET CURRENT_EVENTS Possible Desjardins Phishing Landing - Title over non SSL (current_events.rules)
2024797 - ET CURRENT_EVENTS Possible CIBC Phishing Landing - Title over non SSL (current_events.rules)
2024798 - ET CURRENT_EVENTS Possible BMO Bank of Montreal Phishing Landing - Title over non SSL (current_events.rules)
2024799 - ET CURRENT_EVENTS Phishing Landing Oct 04 2017 (current_events.rules)
2024800 - ET CURRENT_EVENTS Successful Santander Phish M1 Oct 04 2017 (current_events.rules)
2024801 - ET CURRENT_EVENTS Successful Santander Phish M3 Oct 04 2017 (current_events.rules)
2024802 - ET CURRENT_EVENTS Successful Santander Phish M2 Oct 04 2017 (current_events.rules)

Pro:

2828143 - ETPRO CURRENT_EVENTS Craigslist Phishing Landing Oct 04 2017 (current_events.rules)
2828144 - ETPRO CURRENT_EVENTS Successful Craigslist Phish Oct 04 2017 (current_events.rules)
2828145 - ETPRO CURRENT_EVENTS Successful Bank Username/Account Number Phish Oct 04 2017 (set) (current_events.rules)
2828146 - ETPRO CURRENT_EVENTS Successful Bank Username/Account Number Phish Oct 04 2017 (current_events.rules)
2828147 - ETPRO CURRENT_EVENTS Successful Bank Password/Credit Card Number Phish Oct 04 2017 (set) (current_events.rules)
2828148 - ETPRO CURRENT_EVENTS Successful Bank Password/Credit Card Number Phish Oct 04 2017 (current_events.rules)
2828149 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 234 (mobile_malware.rules)
2828150 - ETPRO TROJAN Banker.Win32.Capper/Tepoyx.A Checkin (trojan.rules)
2828151 - ETPRO TROJAN Xwdoor Variant HTTP CnC Beacon (trojan.rules)
2828152 - ETPRO TROJAN Ursnif Malicious SSL Certificate Detected (trojan.rules)

[///]     Modified active rules:     [///]

2810637 - ETPRO TROJAN Fleercivet CnC Beacon 2 (trojan.rules)
2811175 - ETPRO TROJAN Luminosity Link RAT CnC Beacon Inbound (trojan.rules)
2815849 - ETPRO TROJAN MegalodonHTTP Traffic to Panel (trojan.rules)
2825611 - ETPRO CURRENT_EVENTS Adobe Online Document Phishing Landing M1 Mar 25 2017 (current_events.rules)
2826551 - ETPRO CURRENT_EVENTS Successful Banking Phish M1 May 31 2017 (current_events.rules)
2826593 - ETPRO TROJAN TCP DNS Query Domain .bit (trojan.rules)
2827580 - ETPRO TROJAN W32/Emotet.v4 Checkin 2 (trojan.rules)
2827962 - ETPRO TROJAN Malicious Domain in SNI (Backconnet RAT PWStealer Module DL) (trojan.rules)
2827963 - ETPRO TROJAN MSIL/Backconnet RAT CnC info Command Reply (trojan.rules)
2827964 - ETPRO TROJAN MSIL/Backconnet RAT CnC info Command Reply 2 (trojan.rules)
2827965 - ETPRO TROJAN MSIL/Backconnet RAT CnC Plg Command Reply (trojan.rules)
2827966 - ETPRO TROJAN MSIL/Backconnet RAT CnC PW Command (trojan.rules)
2828125 - ETPRO TROJAN Observed Ovidiy/Reborn Stealer in SNI via SSL (trojan.rules)
2828128 - ETPRO TROJAN MSIL/Unk.Stealer Exfil via FTP M2 (trojan.rules)

[---]  Disabled and modified rules:  [---]

2826953 - ETPRO CURRENT_EVENTS Successful Chase Phish Jun 29 2017 (current_events.rules)

Date: Wednesday, October 4, 2017 - 00:00