Daily Ruleset Update Summary 2017/10/18

[***] Summary: [***]

1 new Open signature, 9 new Pro (1 + 8).  VARIOUS PHISHING, Nkdoor, Phandoor.

[+++]          Added rules:          [+++]

Open:

2024850 - ET CURRENT_EVENTS Successful HMRC Phish Oct 18 2017 (current_events.rules)

Pro:

2828333 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Oct 17 2017 (current_events.rules)
2828334 - ETPRO TROJAN Nkdoor Variant CnC Beacon (trojan.rules)
2828335 - ETPRO TROJAN Phandoor Variant CnC Beacon (trojan.rules)
2828336 - ETPRO TROJAN Win32/Agent.SVE Failed CnC Checkin (trojan.rules)
2828337 - ETPRO TROJAN MSIL/PSW.CoinStealer.AZ Sending Base64 Encoded System Info to CnC (trojan.rules)
2828338 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Oct 18 2017 (current_events.rules)
2828339 - ETPRO CURRENT_EVENTS Successful Delta Phish Oct 18 2017 (current_events.rules)
2828340 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 18 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2011800 - ET POLICY Abnormal User-Agent No space after colon - Likely Hostile (policy.rules)
2828256 - ETPRO CURRENT_EVENTS Successful OX App Suite Phish Oct 12 2017 (current_events.rules)
2828286 - ETPRO TROJAN Sage Ransomware Variant Checkin (trojan.rules)
2828326 - ETPRO TROJAN Possibly Malicious User-Agent (myappname) (trojan.rules)
2828330 - ETPRO TROJAN Possible Magnitude/Magnigate EK Server HTTP Response Header (trojan.rules)
2828332 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)

[---]  Disabled and modified rules:  [---]

2016921 - ET INFO Suspicious Mozilla UA with no Space after colon (info.rules)

Date: Wednesday, October 18, 2017 - 00:00