Daily Ruleset Update Summary 2017/10/06

[***]            Summary:            [***]

2 new Open, 23 new Pro (2 + 21). Struts S2-053-CVE-2017-12611, FreeMilk Beacon, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2024814 - ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M1 (exploit.rules)
2024815 - ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M2 (exploit.rules)

Pro:

2828171 - ETPRO CURRENT_EVENTS Successful Mcafee Support Phish Oct 06 2017 (current_events.rules)
2828172 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 1) (trojan.rules)
2828173 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 2) (trojan.rules)
2828174 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 3) (trojan.rules)
2828175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 4) (trojan.rules)
2828176 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 5) (trojan.rules)
2828177 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 6) (trojan.rules)
2828178 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 7) (trojan.rules)
2828179 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 8) (trojan.rules)
2828180 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 9) (trojan.rules)
2828181 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 10) (trojan.rules)
2828182 - ETPRO TROJAN DNS Query FreeMilk Payload CnC Server (trojan.rules)
2828183 - ETPRO TROJAN Possible FreeMilk Beacon to CnC 1 (trojan.rules)
2828184 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) (trojan.rules)
2828185 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (bG9naWphMS4xOng=) (trojan.rules)
2828186 - ETPRO CURRENT_EVENTS Successful Cox Phish Oct 06 2017 (current_events.rules)
2828187 - ETPRO TROJAN Agent.ATF/Slove Backdoor Checkin (trojan.rules)
2828188 - ETPRO CURRENT_EVENTS Successful Google Account/Adwords Phish Oct 06 2017 (current_events.rules)
2828189 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M2 (trojan.rules)
2828190 - ETPRO MALWARE Win32/FileFinder Adware Install Activity (malware.rules)
2828191 - ETPRO TROJAN Observed Malicious SSL Cert (Fake O356 Installer) (trojan.rules)

[///]     Modified active rules:     [///]

2017656 - ET TROJAN W32/InstallMonster.Downloader Checkin (trojan.rules)
2019785 - ET CURRENT_EVENTS PayPal Phishing Landing Nov 24 2014 (current_events.rules)
2021528 - ET TROJAN KINS/ZeusVM Variant Retrieving Config (trojan.rules)
2021890 - ET CURRENT_EVENTS Successful Phish Outlook Credentials Oct 01 2015 (current_events.rules)
2022967 - ET CURRENT_EVENTS Successful Google Drive/Dropbox Phish Nov 20 2016 (current_events.rules)
2022978 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish M1 Jul 21 2016 (current_events.rules)
2022979 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish M2 Jul 21 2016 (current_events.rules)
2023042 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish M1 Aug 09 2016 (current_events.rules)
2023043 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish M2 Aug 09 2016 (current_events.rules)
2812958 - ETPRO CURRENT_EVENTS Account Phishing Landing Sept 10 2015 (current_events.rules)
2814773 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Nov 5 2015 (current_events.rules)
2815951 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish M2 Jan 25 2016 (current_events.rules)
2816490 - ETPRO CURRENT_EVENTS Apple Phishing Landing Redirect M1 Mar 02 2016 (current_events.rules)
2816734 - ETPRO CURRENT_EVENTS Chase Phishing Obfuscated Landing Mar 23 2016 (current_events.rules)
2819807 - ETPRO CURRENT_EVENTS Redirect to Adobe Shared Document Phishing M1 Apr 15 2016 (current_events.rules)
2819808 - ETPRO CURRENT_EVENTS Redirect to Adobe Shared Document Phishing M2 Apr 15 2016 (current_events.rules)
2823641 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Dec 05 2016 (current_events.rules)
2827384 - ETPRO CURRENT_EVENTS Possible Successful Generic Multi Step Phish Aug 03 2017 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2021892 - ET CURRENT_EVENTS Successful Phish Yahoo Credentials Oct 1 (current_events.rules)
2022084 - ET CURRENT_EVENTS Successful Revalidation Phish Nov 13 M1 (current_events.rules)
2816018 - ETPRO CURRENT_EVENTS Successful Email Account Phishing Feb 1 (current_events.rules)

Date: Friday, October 6, 2017 - 00:00