Daily Ruleset Update Summary 2017/10/09

[***]            Summary:            [***]

13 new Open, 23 new Pro (13 + 10). CCleaner DGA, Browser Coinminer, Various Phishing, Mobile.

Thanks: @rmkml, @AttackDetection

[+++]          Added rules:          [+++]

Open:

2024816 - ET TROJAN CCleaner Backdoor DGA Jan 2018 (trojan.rules)
2024817 - ET TROJAN CCleaner Backdoor DGA Feb 2018 (trojan.rules)
2024818 - ET TROJAN CCleaner Backdoor DGA Mar 2018 (trojan.rules)
2024819 - ET TROJAN CCleaner Backdoor DGA Apr 2018 (trojan.rules)
2024820 - ET TROJAN CCleaner Backdoor DGA May 2018 (trojan.rules)
2024821 - ET TROJAN CCleaner Backdoor DGA Jun 2018 (trojan.rules)
2024822 - ET TROJAN CCleaner Backdoor DGA Jul 2018 (trojan.rules)
2024823 - ET TROJAN CCleaner Backdoor DGA Aug 2018 (trojan.rules)
2024824 - ET TROJAN CCleaner Backdoor DGA Sep 2018 (trojan.rules)
2024825 - ET TROJAN CCleaner Backdoor DGA Oct 2018 (trojan.rules)
2024826 - ET TROJAN CCleaner Backdoor DGA Nov 2018 (trojan.rules)
2024827 - ET TROJAN CCleaner Backdoor DGA Dec 2018 (trojan.rules)
2024828 - ET CURRENT_EVENTS Observed DNS Query to Browser Coinminer (crypto-loot[.]com) (current_events.rules)

Pro:

2828192 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Oct 09 2017 (current_events.rules)
2828193 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Oct 09 2017 (current_events.rules)
2828194 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 235 (mobile_malware.rules)
2828195 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 236 (mobile_malware.rules)
2828196 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 237 (mobile_malware.rules)
2828197 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Ubsod.c Checkin (mobile_malware.rules)
2828198 - ETPRO TROJAN Unknown.BR Banker Checkin (trojan.rules)
2828199 - ETPRO TROJAN Possible Apple Phishing SNI (trojan.rules)
2828200 - ETPRO TROJAN Bladabindi Downloader Domain Observed in SNI (trojan.rules)
2828201 - ETPRO TROJAN W32.Gafanhoto.BR Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2015896 - ET TROJAN Andromeda Check-in Response (trojan.rules)
2019785 - ET CURRENT_EVENTS PayPal Phishing Landing Nov 24 2014 (current_events.rules)
2021890 - ET CURRENT_EVENTS Successful Phish Outlook Credentials Oct 01 2015 (current_events.rules)
2022094 - ET CURRENT_EVENTS Successful Jimdo Outlook Web App Phishing Nov 16 2105 (current_events.rules)
2022187 - ET CURRENT_EVENTS Generic Phishing Landing Uri Nov 25 2015 (current_events.rules)
2022615 - ET CURRENT_EVENTS Possible Chase Phishing Domain Mar 14 2016 (current_events.rules)
2022616 - ET CURRENT_EVENTS Possible Apple Phishing Domain Mar 14 2016 (current_events.rules)
2022617 - ET CURRENT_EVENTS Possible USAA Phishing Domain Mar 14 2016 (current_events.rules)
2022618 - ET CURRENT_EVENTS Possible Paypal Phishing Domain Mar 14 2016 (current_events.rules)
2022967 - ET CURRENT_EVENTS Successful Google Drive/Dropbox Phish Nov 20 2016 (current_events.rules)
2022978 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish M1 Jul 21 2016 (current_events.rules)
2022979 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish M2 Jul 21 2016 (current_events.rules)
2023042 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish M1 Aug 09 2016 (current_events.rules)
2023043 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish M2 Aug 09 2016 (current_events.rules)
2023495 - ET CURRENT_EVENTS Possible Cartasi Phishing Domain Nov 08 2016 (current_events.rules)
2024799 - ET CURRENT_EVENTS Phishing Landing Oct 04 2017 (current_events.rules)
2812325 - ETPRO CURRENT_EVENTS Possible Successful AirCanada Phish M1 Aug 5 2015 (current_events.rules)
2812958 - ETPRO CURRENT_EVENTS Account Phishing Landing Sept 10 2015 (current_events.rules)
2815499 - ETPRO CURRENT_EVENTS Anonisma Paypal Phishing Uri Structure Dec 28 2015 (current_events.rules)
2815926 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 22 2016 (current_events.rules)
2815951 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish M2 Jan 25 2016 (current_events.rules)
2816111 - ETPRO CURRENT_EVENTS Common /mpp/ Phishing URI Structure Feb 08 2016 (current_events.rules)
2816490 - ETPRO CURRENT_EVENTS Apple Phishing Landing Redirect M1 Mar 02 2016 (current_events.rules)
2816701 - ETPRO TROJAN Possible Malicious VBScript calling PowerShell over HTTP (trojan.rules)
2816734 - ETPRO CURRENT_EVENTS Chase Phishing Obfuscated Landing Mar 23 2016 (current_events.rules)
2819807 - ETPRO CURRENT_EVENTS Redirect to Adobe Shared Document Phishing M1 Apr 15 2016 (current_events.rules)
2819808 - ETPRO CURRENT_EVENTS Redirect to Adobe Shared Document Phishing M2 Apr 15 2016 (current_events.rules)
2820534 - ETPRO CURRENT_EVENTS Possible HMRC Phishing Domain Jun 08 2016 (current_events.rules)
2820614 - ETPRO CURRENT_EVENTS Possible Apple Phishing Domain Jun 14 2016 (current_events.rules)
2820762 - ETPRO CURRENT_EVENTS Possible Amazon Phishing Domain Jun 20 2016 (current_events.rules)
2820801 - ETPRO CURRENT_EVENTS Possible barclays.co.uk Phishing Domain Jun 22 2016 (current_events.rules)
2823934 - ETPRO CURRENT_EVENTS Possible Successful *.myjino.ru Phish Dec 16 2016 (current_events.rules)
2827384 - ETPRO CURRENT_EVENTS Possible Successful Generic Multi Step Phish Aug 03 2017 (current_events.rules)
2827966 - ETPRO TROJAN MSIL/Backconnet RAT CnC PW Command (trojan.rules)

[---]  Disabled and modified rules:  [---]

2024463 - ET CURRENT_EVENTS Successful Generic 107 Phish Jul 13 2017 (current_events.rules)
2812237 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish July 28 (current_events.rules)
2812326 - ETPRO CURRENT_EVENTS Possible Successful AirCanada Phish Aug 5 M2 (current_events.rules)
2824800 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple iCloud Phishing (trojan.rules)
2825239 - ETPRO INFO Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (info.rules)

Date: Monday, October 9, 2017 - 00:00