Daily Ruleset Update Summary 2017/10/11

[***]            Summary:            [***]

1 new Open, 19 new Pro (1 + 18). Powersource/DNSMessenger, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024836 - ET CURRENT_EVENTS SUSPICIOUS DOC Download from commonly abused file share site (current_events.rules)

Pro:

2816898 - ETPRO CURRENT_EVENTS Commonly Abused File Sharing Site SSL Cert Inbound (current_events.rules)
2828233 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed (a .pomf .cat in DNS Lookup) (info.rules)
2828234 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed (a .pomf .cat in TLS SNI) (info.rules)
2828235 - ETPRO TROJAN DNSMessenger CnC Beacon via DNS (trojan.rules)
2828236 - ETPRO TROJAN DNSMessenger Stage2 CnC Beacon via DNS (trojan.rules)
2828237 - ETPRO CURRENT_EVENTS Microsoft OneDrive Phishing Landing Oct 11 2017 (current_events.rules)
2828238 - ETPRO CURRENT_EVENTS Generic Multi-Account Phishing Landing Oct 11 2017 (current_events.rules)
2828239 - ETPRO MOBILE_MALWARE Android/HiddenApp.FH CnC Beacon (mobile_malware.rules)
2828240 - ETPRO CURRENT_EVENTS Successful Personalized Google Account Phish Oct 11 2017 (current_events.rules)
2828241 - ETPRO CURRENT_EVENTS Successful AT&T Phish Oct 11 2017 (current_events.rules)
2828242 - ETPRO CURRENT_EVENTS Successful DHL Phish Oct 11 2017 (current_events.rules)
2828243 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 11 2017 (current_events.rules)
2828244 - ETPRO TROJAN Win32/Generik.CNZXUBR CnC Checkin (trojan.rules)
2828245 - ETPRO CURRENT_EVENTS Successful CartaSi Phish Oct 11 2017 (current_events.rules)
2828246 - ETPRO TROJAN Powersource/DNSMessenger Process List CnC Checkin via HTTP (trojan.rules)
2828247 - ETPRO CURRENT_EVENTS Successful Microsoft Secure Your Account Phish Oct 11 2017 (current_events.rules)
2828248 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.JY Reporting Infection via SMTP (mobile_malware.rules)
2828249 - ETPRO CURRENT_EVENTS Successful Hotmail Phish Oct 11 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2010781 - ET POLICY PsExec service created (policy.rules)
2811878 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.gz Checkin via SMTP (mobile_malware.rules)
2814042 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 22 2015 (current_events.rules)
2814082 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Sept 24 2015 (current_events.rules)
2814083 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Sept 24 2015 (current_events.rules)
2814085 - ETPRO CURRENT_EVENTS Successful Chase Phish M4 Sept 24 2015 (current_events.rules)
2814086 - ETPRO CURRENT_EVENTS Successful Chase Phish M5 Sept 24 2015 (current_events.rules)
2820801 - ETPRO CURRENT_EVENTS Possible barclays .co. uk Phishing Domain Jun 22 2016 (current_events.rules)
2823311 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Nov 16 2016 (current_events.rules)
2823934 - ETPRO CURRENT_EVENTS Possible Successful *.myjino. ru Phish Dec 16 2016 (current_events.rules)
2826018 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fyec.bna CnC Beacon (mobile_malware.rules)
2826020 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fyec.bna CnC Beacon 2 (mobile_malware.rules)
2828207 - ETPRO WEB_CLIENT Microsoft Internet Explorer EOT OOB Vulnerability (CVE-2017-11763) (web_client.rules)

[---]  Disabled and modified rules:  [---]

2823668 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Dec 07 2016 (current_events.rules)

[---]         Removed rules:         [---]

2816898 - ETPRO TROJAN Maldoc Downloader SSL Cert Apr 04 (trojan.rules)

Date: Wednesday, October 11, 2017 - 00:00