Daily Ruleset Update Summary 2017/10/24

[***] Summary: [***]

7 new Open rules, 28 new Pro (7 + 21).  BadRabbit, Qtloader, NanoCore RAT, Formbook Stealer.

Thanks:  @attackdetection

[+++]          Added rules:          [+++]

Open:

2024904 - ET MALWARE [PTsecurity] Adware.FileFinder Activity (malware.rules)
2024905 - ET TROJAN BadRabbit Ransomware Activity Via WebDAV (cscc) (trojan.rules)
2024906 - ET TROJAN BadRabbit Ransomware Activity Via WebDAV (infpub) (trojan.rules)
2024907 - ET CURRENT_EVENTS Qtloader encrypted payload Oct 19 (1) (current_events.rules)
2024908 - ET CURRENT_EVENTS Qtloader encrypted check-in Oct 19 (1) (current_events.rules)
2024909 - ET CURRENT_EVENTS Qtloader encrypted check-in response Oct 19 (1) (current_events.rules)
2024910 - ET TROJAN BadRabbit Ransomware Payment Onion Domain (trojan.rules)

Pro:

2828393 - ETPRO CURRENT_EVENTS Successful Xapo Cryptocurrency Wallet Phish Oct 24 2017 (current_events.rules)
2828394 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Oct 24 2017 (current_events.rules)
2828395 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Oct 24 2017 (current_events.rules)
2828396 - ETPRO CURRENT_EVENTS Successful Generic AES Phish M1 Oct 24 2017 (current_events.rules)
2828397 - ETPRO CURRENT_EVENTS Successful Generic AES Phish M2 Oct 24 2017 (current_events.rules)
2828398 - ETPRO TROJAN NanoCore RAT Keepalive Response 4 (trojan.rules)
2828399 - ETPRO TROJAN NanoCore RAT Keepalive Response 5 (trojan.rules)
2828400 - ETPRO MOBILE_MALWARE Android WannaLocker-A DNS Lookup (mobile_malware.rules)
2828401 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Oct 24 2017 (current_events.rules)
2828402 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Oct 24 2017 (current_events.rules)
2828403 - ETPRO CURRENT_EVENTS Successful Chase Phish M3 Oct 24 2017 (current_events.rules)
2828404 - ETPRO CURRENT_EVENTS Successful Chase Phish M4 Oct 24 2017 (current_events.rules)
2828405 - ETPRO CURRENT_EVENTS Successful Chase Phish M5 Oct 24 2017 (current_events.rules)
2828406 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Oct 24 2017 (current_events.rules)
2828407 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 24 2017 (current_events.rules)
2828408 - ETPRO TROJAN Formbook Stealer Checkin (POST) (trojan.rules)
2828409 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 24 2017 (current_events.rules)
2828410 - ETPRO CURRENT_EVENTS Successful ANZ Bank Phish Oct 24 2017 (current_events.rules)
2828411 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 24 2017 (current_events.rules)
2828412 - ETPRO CURRENT_EVENTS MalDoc Reporting Infection (current_events.rules)
2828413 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 24 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2024555 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 2016 (current_events.rules)
2024888 - ET TROJAN OSX/Proton.C/D Domain (eltima .in in DNS Lookup) (trojan.rules)
2024889 - ET TROJAN OSX/Proton.C/D Domain (eltima .in in TLS SNI) (trojan.rules)
2024890 - ET TROJAN OSX/Proton.C/D Domain (handbrakestore .com in DNS Lookup) (trojan.rules)
2024891 - ET TROJAN OSX/Proton.C/D Domain (handbrakestore .com in TLS SNI) (trojan.rules)
2024892 - ET TROJAN OSX/Proton.C/D Domain (handbrake .cc in DNS Lookup) (trojan.rules)
2024893 - ET TROJAN OSX/Proton.C/D Domain (handbrake .cc in TLS SNI) (trojan.rules)
2024901 - ET TROJAN Trickbot Payload Request (trojan.rules)
2806215 - ETPRO EXPLOIT DLink DIR 645 Password Extract attempt (exploit.rules)
2810290 - ETPRO TROJAN NanoCore RAT Keepalive Response 1 (trojan.rules)
2810291 - ETPRO TROJAN NanoCore RAT Keepalive Response 2 (trojan.rules)
2812901 - ETPRO CURRENT_EVENTS Successful Telstra Phish M2 Sep 04 2015 (current_events.rules)
2814783 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Nov 6 2015 (current_events.rules)
2814915 - ETPRO CURRENT_EVENTS Adobe Shared Document Phish Landing Nov 13 2015 (current_events.rules)
2820666 - ETPRO CURRENT_EVENTS Successful Yahoo Phish M1 Jun 15 2016 (current_events.rules)
2828083 - ETPRO CURRENT_EVENTS Possible Successful Chase Phish Sept 28 2017 (current_events.rules)
2828331 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Oct 17 2017 (current_events.rules)

Date: Tuesday, October 24, 2017 - 00:00