Daily Ruleset Update Summary 2017/10/23

[***] Summary: [***]

16 new Open signatures, 24 new Pro (16 + 8).  OSX/Proton, JadeRAT, Dragonfly APT.

Thanks:  @Antelox and @PerlJam

[+++]          Added rules:          [+++]

Open:

2024888 - ET TROJAN OSX/Proton.C/D Domain (eltima .in in DNS Lookup) (trojan.rules)
2024889 - ET TROJAN OSX/Proton.C/D Domain (eltima .in in TLS SNI) (trojan.rules)
2024890 - ET TROJAN OSX/Proton.C/D Domain (handbrakestore .com in DNS Lookup) (trojan.rules)
2024891 - ET TROJAN OSX/Proton.C/D Domain (handbrakestore .com in TLS SNI) (trojan.rules)
2024892 - ET TROJAN OSX/Proton.C/D Domain (handbrake .cc in DNS Lookup) (trojan.rules)
2024893 - ET TROJAN OSX/Proton.C/D Domain (handbrake .cc in TLS SNI) (trojan.rules)
2024894 - ET TROJAN Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1 (trojan.rules)
2024895 - ET MOBILE_MALWARE Android JadeRAT CnC Beacon (mobile_malware.rules)
2024896 - ET MOBILE_MALWARE Android JadeRAT CnC Beacon 2 (mobile_malware.rules)
2024897 - ET USER_AGENTS Go HTTP Client User-Agent (user_agents.rules)
2024898 - ET TROJAN Possible Dragonfly APT Activity - SMB credential harvesting (trojan.rules)
2024899 - ET TROJAN Possible Dragonfly APT Activity HTTP URI OPTIONS (trojan.rules)
2024900 - ET TROJAN Locky Intermediate Downloader (trojan.rules)
2024901 - ET TROJAN Trickbot Payload Request (trojan.rules)
2024902 - ET TROJAN Observed Malicious SSL Cert (Snatch CnC) (trojan.rules)
2024903 - ET TROJAN Observed Malicious SSL Cert (Snatch CnC) (trojan.rules)

Pro:

2828385 - ETPRO CURRENT_EVENTS Chalbhai Phishing Landing Oct 23 2017 (current_events.rules)
2828386 - ETPRO CURRENT_EVENTS Office 365 Phishing Landing Oct 23 2017 (current_events.rules)
2828387 - ETPRO CURRENT_EVENTS Successful Vodafone Phish Oct 23 2017 (current_events.rules)
2828388 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC) (trojan.rules)
2828389 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 23 (mobile_malware.rules)
2828390 - ETPRO CURRENT_EVENTS Successful Craigslist Phish Oct 23 2017 (current_events.rules)
2828391 - ETPRO CURRENT_EVENTS Successful National Australian Bank Phish M1 Oct 23 2017 (current_events.rules)
2828392 - ETPRO CURRENT_EVENTS Successful NAB Phish M2 Oct 23 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2024720 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Possible Coinhive Javascript Cryptocurrency Mining (current_events.rules)
2823548 - ETPRO CURRENT_EVENTS Successful Generic Brand Phish Nov 30 2016 (current_events.rules)
2824799 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible American Express Phishing (trojan.rules)
2824801 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Paypal Phishing (trojan.rules)
2827202 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Proofpoint Phishing (trojan.rules)
2828234 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed (a .pomf .cat in TLS SNI) (info.rules)
2828269 - ETPRO TROJAN Malicious Domain CStrike C2 (blockbitcoin .com in TLS SNI) (trojan.rules)
2828278 - ETPRO CURRENT_EVENTS z118 Phishing CSS M1 Oct 12 2017 (current_events.rules)
2828279 - ETPRO CURRENT_EVENTS z118 Phishing CSS M2 Oct 12 2017 (current_events.rules)
2828280 - ETPRO CURRENT_EVENTS z118 Phishing CSS M3 Oct 12 2017 (current_events.rules)
2828326 - ETPRO USER_AGENTS myappname User-Agent (user_agents.rules)
2828328 - ETPRO USER_AGENTS NoBo User-Agent (user_agents.rules)

[---]         Removed rules:         [---]

2827109 - ETPRO TROJAN Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1 (trojan.rules)
2828184 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) (trojan.rules)
2828291 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-13 5) (trojan.rules)

Date: Monday, October 23, 2017 - 00:00