Daily Ruleset Update Summary 2017/10/13

[***]            Summary:            [***]

3 new Open, 28 new Pro (3 + 25). DNSMessenger, VJworm, Win32/Unk.Stealer, Various Mobile, Various Phishing.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2024842 - ET CURRENT_EVENTS Possible Google Docs Phishing Landing - Title over non SSL (current_events.rules)
2024840 - ET TROJAN DNSMessenger Payload (TXT base64 gzip header) (trojan.rules)
2024841 - ET CURRENT_EVENTS Microsoft Tech Support Scam Landing M1 Oct 13 2017 (current_events.rules)

Pro:

2828306 - ETPRO TROJAN Win32/Unk.Stealer CnC Check-in (trojan.rules)
2828307 - ETPRO TROJAN Win32/Unk.Stealer Requesting Config Update (trojan.rules)
2828283 - ETPRO TROJAN VJworm Checkin (trojan.rules)
2828284 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish Oct 13 2016 (current_events.rules)
2828285 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 13 2017 (current_events.rules)
2828286 - ETPRO TROJAN Sage Ransomware Variant Checkin (trojan.rules)
2828287 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 1) (trojan.rules)
2828288 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 2) (trojan.rules)
2828289 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 3) (trojan.rules)
2828290 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 4) (trojan.rules)
2828291 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 5) (trojan.rules)
2828292 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 6) (trojan.rules)
2828293 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 7) (trojan.rules)
2828294 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 8) (trojan.rules)
2828295 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 9) (trojan.rules)
2828296 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 10) (trojan.rules)
2828297 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 11) (trojan.rules)
2828298 - ETPRO TROJAN Sage Ransomware Variant UDP Activity (trojan.rules)
2828299 - ETPRO CURRENT_EVENTS Successful SFR Phish M1 Oct 13 2017 (current_events.rules)
2828300 - ETPRO CURRENT_EVENTS Successful SFR Phish M2 Oct 13 2017 (current_events.rules)
2828301 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ACD DNS Lookup (mobile_malware.rules)
2828302 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 13 2017 (current_events.rules)
2828303 - ETPRO CURRENT_EVENTS Possible Successful Generic Turkish Banking Phish Oct 13 2017 (current_events.rules)
2828304 - ETPRO CURRENT_EVENTS Generic JS Phishing Redirect Oct 13 2017 (current_events.rules)
2828305 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 13 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2015909 - ET CURRENT_EVENTS Successful Bank of America Phish M1 Oct 01 2012 (current_events.rules)
2015938 - ET CURRENT_EVENTS Chase/Bank of America Phishing Landing Uri Structure Nov 27 2012  (current_events.rules)
2015972 - ET CURRENT_EVENTS Successful PayPal Phish Nov 30 2012 (current_events.rules)
2015980 - ET CURRENT_EVENTS Successful Google Account Phish Dec 04 2012 (current_events.rules)
2016063 - ET CURRENT_EVENTS Successful PayPal Phish Dec 19 2012 (current_events.rules)
2016327 - ET CURRENT_EVENTS Possible Successful Phish - Generic POST to myform.php Feb 01 2013 (current_events.rules)
2018042 - ET CURRENT_EVENTS Apple Phishing Landing Jan 30 2014 (current_events.rules)
2018044 - ET CURRENT_EVENTS Possible Successful Verified by Visa Phish Jan 30 2014 (current_events.rules)
2018045 - ET CURRENT_EVENTS Visa Phishing Landing Jan 30 2014 (current_events.rules)
2018304 - ET CURRENT_EVENTS Successful iTunes Phish Mar 21 2014 (current_events.rules)
2018305 - ET CURRENT_EVENTS Successful iTunes Phish Mar 21 2014 (current_events.rules)
2019781 - ET CURRENT_EVENTS Successful AOL/PayPal Phish Nov 24 2014 (current_events.rules)
2021535 - ET CURRENT_EVENTS Google Drive Phishing Landing M1 July 24 2015 (current_events.rules)
2021536 - ET CURRENT_EVENTS Google Drive Phishing Landing M2 July 24 2015 (current_events.rules)
2021893 - ET CURRENT_EVENTS Potential Data URI Phishing Oct 02 2015 (current_events.rules)
2023760 - ET CURRENT_EVENTS Successful Paypal Phish Jan 23 2017 (current_events.rules)
2024098 - ET CURRENT_EVENTS Windows Settings Phishing Landing Jul 22 2016 (current_events.rules)
2024422 - ET CURRENT_EVENTS Amazon Phish Landing Jun 22 2017 (current_events.rules)
2803760 - ETPRO TROJAN Worm.Win32.AutoTsifiri.n DNS Tunnel (trojan.rules)
2810291 - ETPRO TROJAN NanoCore RAT Keepalive Response 2 (trojan.rules)
2812163 - ETPRO CURRENT_EVENTS Apple Phishing Landing Jul 24 2015 (current_events.rules)
2812939 - ETPRO CURRENT_EVENTS Successful Fake Webmail Quota Phish Sept 09 2015 (current_events.rules)
2815030 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phishing Nov 19 2015 (current_events.rules)
2815112 - ETPRO CURRENT_EVENTS Excel Online Phishing Landing Nov 25 2015 (current_events.rules)
2815980 - ETPRO INFO Possible Phishing Landing via Moonfruit M1 Jan 26 2016 (info.rules)
2816343 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phishing Feb 23 2016 (current_events.rules)
2816346 - ETPRO CURRENT_EVENTS Am3Refh Obfuscated Phishing Landing Feb 22 2016 (current_events.rules)
2816601 - ETPRO CURRENT_EVENTS Adobe Phishing Landing March 08 2016 (current_events.rules)
2820001 - ETPRO CURRENT_EVENTS Adobe Online Document Phishing Landing May 02 2016 (current_events.rules)
2820364 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish May 26 2016 (current_events.rules)
2820371 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish May 26 2016 (current_events.rules)
2820453 - ETPRO CURRENT_EVENTS Adobe Cloud Phishing Landing Jun 02 2016 (current_events.rules)
2820843 - ETPRO CURRENT_EVENTS Shipping Document Phishing Landing Jun 23 2016 (current_events.rules)
2821116 - ETPRO POLICY External IP DNS Lookup wtfismyip (policy.rules)
2825131 - ETPRO MALWARE PUP/MiPony HTTP Request (malware.rules)
2828210 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish Oct 10 2017 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2018043 - ET CURRENT_EVENTS PHISH Visa - Landing Page (current_events.rules)
2020803 - ET CURRENT_EVENTS Successful GoogleFile Phish (current_events.rules)
2022029 - ET CURRENT_EVENTS Jimdo.com Phishing PDF via HTTP (current_events.rules)
2814714 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 3 2015 M1 (current_events.rules)
2822573 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 11 2016 (current_events.rules)

Date: Friday, October 13, 2017 - 00:00