Daily Ruleset Update Summary 2017/10/10

[***]            Summary:            [***]

7 new Open, 38 new Pro (7 + 31). APT.Vemics CnC, CVE-2017-11763, Various Phishing, Various Mobile.

SID to CVE map for MS Tuesday (MAPP) rules: 
CVE-2017-11763 -> 2828207

[+++]          Added rules:          [+++]

Open:

2024829 - ET INFO Download of Embedded OpenType (EOT) File flowbit set (info.rules)
2024830 - ET POLICY Observed IP Lookup Domain (formyip .com in DNS Lookup) (policy.rules)
2024831 - ET POLICY Observed IP Lookup Domain (l2 .io in DNS Lookup) (policy.rules)
2024832 - ET POLICY Observed IP Lookup Domain (formyip .com in TLS SNI) (policy.rules)
2024833 - ET POLICY Observed IP Lookup Domain (l2 .io in TLS SNI) (policy.rules)
2024834 - ET CURRENT_EVENTS Possible Paypal Phishing Domain (IT) Oct 10 2017 (current_events.rules)
2024835 - ET CURRENT_EVENTS Possible Successful Paypal Phishing Domain (IT) Oct 10 2017 (current_events.rules)

Pro:

2828202 - ETPRO CURRENT_EVENTS Office 365 Phishing Landing Oct 10 2017 (current_events.rules)
2828203 - ETPRO CURRENT_EVENTS Successful Adobe Phish Aug 22 2017 (current_events.rules)
2828204 - ETPRO CURRENT_EVENTS Successful DHL Phish Oct 10 2017 (current_events.rules)
2828205 - ETPRO TROJAN MSIL/Kryptik.JJC IP Check (trojan.rules)
2828206 - ETPRO TROJAN APT.Vemics CnC Beacon (trojan.rules)
2828207 - ETPRO WEB_CLIENT Microsoft Internet Explorer EOT OOB Vulnerability (CVE-2017-11763) (web_client.rules)
2828208 - ETPRO TROJAN RevCode SSL Cert (trojan.rules)
2828209 - ETPRO MOBILE_MALWARE Android/Clicker.JA / WireX Checkin (mobile_malware.rules)
2828210 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Oct 10 2017 (set) (current_events.rules)
2828211 - ETPRO MOBILE_MALWARE Android/Clicker.JA / WireX Checkin 2 (mobile_malware.rules)
2828212 - ETPRO TROJAN AgentTesla Communicating with CnC Server (trojan.rules)
2828213 - ETPRO TROJAN Sage Domain (er29sl .com in DNS Lookup) (trojan.rules)
2828214 - ETPRO CURRENT_EVENTS Successful Isbank (TK) Phish Oct 10 2017 (current_events.rules)
2828215 - ETPRO CURRENT_EVENTS Successful Citibank (BR) Phish Oct 10 2017 (current_events.rules)
2828216 - ETPRO TROJAN Cerber Domain Observed (1mudaw .top in DNS Lookup) (trojan.rules)
2828217 - ETPRO CURRENT_EVENTS Successful Personalized Phish Oct 10 2017 (current_events.rules)
2828218 - ETPRO TROJAN Cerber Domain Observed (1mudaw .top in TLS SNI) (trojan.rules)
2828219 - ETPRO TROJAN Cerber Domain Observed (1gam57 .top in DNS Lookup) (trojan.rules)
2828220 - ETPRO TROJAN Cerber Domain Observed (1gam57 .top in TLS SNI) (trojan.rules)
2828221 - ETPRO TROJAN Cerber Domain Observed (1ml94w .top in DNS Lookup) (trojan.rules)
2828222 - ETPRO TROJAN Cerber Domain Observed (1ml94w .top in TLS SNI) (trojan.rules)
2828223 - ETPRO TROJAN Cerber Domain Observed (12efwa .top in DNS Lookup) (trojan.rules)
2828224 - ETPRO TROJAN Cerber Domain Observed (12efwa .top in TLS SNI) (trojan.rules)
2828225 - ETPRO TROJAN Cerber Domain Observed (1jquw7 .top in DNS Lookup) (trojan.rules)
2828226 - ETPRO TROJAN Cerber Domain Observed (1jquw7 .top in TLS SNI) (trojan.rules)
2828227 - ETPRO CURRENT_EVENTS Successful Paypal (IT) Phish Oct 10 2017 (current_events.rules)
2828228 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish Oct 10 2017 (current_events.rules)
2828229 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 10 2017 (current_events.rules)
2828230 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Oct 10 2017 (set) (current_events.rules)
2828231 - ETPRO POLICY IP Lookup l2 . io (policy.rules)
2828232 - ETPRO POLICY IP Lookup formyip . com (policy.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2022094 - ET CURRENT_EVENTS Successful Jimdo Outlook Web App Phishing Nov 16 2105 (current_events.rules)
2022187 - ET CURRENT_EVENTS Generic Phishing Landing Uri Nov 25 2015 (current_events.rules)
2022615 - ET CURRENT_EVENTS Possible Chase Phishing Domain Mar 14 2016 (current_events.rules)
2022616 - ET CURRENT_EVENTS Possible Apple Phishing Domain Mar 14 2016 (current_events.rules)
2022617 - ET CURRENT_EVENTS Possible USAA Phishing Domain Mar 14 2016 (current_events.rules)
2022618 - ET CURRENT_EVENTS Possible Paypal Phishing Domain Mar 14 2016 (current_events.rules)
2023495 - ET CURRENT_EVENTS Possible Cartasi Phishing Domain Nov 08 2016 (current_events.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2810291 - ETPRO TROJAN NanoCore RAT Keepalive Response 2 (trojan.rules)
2812203 - ETPRO TROJAN Nlex TCP CnC Beacon (trojan.rules)
2814042 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 22 2015 (current_events.rules)
2814082 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Sept 24 2015 (current_events.rules)
2814083 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Sept 24 2015 (current_events.rules)
2814085 - ETPRO CURRENT_EVENTS Successful Chase Phish M4 Sept 24 2015 (current_events.rules)
2814086 - ETPRO CURRENT_EVENTS Successful Chase Phish M5 Sept 24 2015 (current_events.rules)
2815499 - ETPRO CURRENT_EVENTS Anonisma Paypal Phishing Uri Structure Dec 28 2015 (current_events.rules)
2815926 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 22 2016 (current_events.rules)
2816111 - ETPRO CURRENT_EVENTS Common /mpp/ Phishing URI Structure Feb 08 2016 (current_events.rules)
2816733 - ETPRO CURRENT_EVENTS Successful Phish to Compromised Wordpress Site Mar 23 2016 (current_events.rules)
2820534 - ETPRO CURRENT_EVENTS Possible HMRC Phishing Domain Jun 08 2016 (current_events.rules)
2820614 - ETPRO CURRENT_EVENTS Possible Apple Phishing Domain Jun 14 2016 (current_events.rules)
2820762 - ETPRO CURRENT_EVENTS Possible Amazon Phishing Domain Jun 20 2016 (current_events.rules)
2820801 - ETPRO CURRENT_EVENTS Possible barclays .co. uk Phishing Domain Jun 22 2016 (current_events.rules)
2821031 - ETPRO CURRENT_EVENTS Successful Craigslist Phish Jul 11 2016 (current_events.rules)
2823934 - ETPRO CURRENT_EVENTS Possible Successful *.myjino. ru Phish Dec 16 2016 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2814084 - ETPRO CURRENT_EVENTS Successful Chase Phish M3 Sept 24 2015 (current_events.rules)
2824812 - ETPRO CURRENT_EVENTS Successful Craigslist Phish Feb 07 2017 (current_events.rules)

Date: Tuesday, October 10, 2017 - 00:00