Daily Ruleset Update Summary 2017/11/02

[***]            Summary:            [***]

1 new Open, 18 new Pro (1 + 17). Multi-Email Phish, MSIL.Mxiupdate, APT28 DNS, Various Mobile.

Thanks: @briz0lator, @401TRG

[+++]          Added rules:          [+++]

Open:

2024942 - ET CURRENT_EVENTS 401TRG Successful Multi-Email Phish - Observed in Docusign/Dropbox/Onedrive/Gdrive Nov 02 2017 (current_events.rules)

Pro:

2828491 - ETPRO TROJAN Bahamut/InPageCampaign MSIL.Mxiupdate Checkin (trojan.rules)
2828492 - ETPRO TROJAN Bahamut/InPageCampaign MSIL.Mxiupdate Domain (mxiplayer .com in TLS SNI) (trojan.rules)
2828493 - ETPRO TROJAN Bahamut/InPageCampaign MSIL.Mxiupdate Domain (encrypzi .com in TLS SNI) (trojan.rules)
2828494 - ETPRO TROJAN Win32/Gibon Ransomware CnC Activity (trojan.rules)
2828495 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-01 1) (trojan.rules)
2828496 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-01 1) (trojan.rules)
2828497 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-01 2) (trojan.rules)
2828498 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-01 3) (trojan.rules)
2828499 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-01 4) (trojan.rules)
2828500 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-01 5) (trojan.rules)
2828501 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-01 6) (trojan.rules)
2828502 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-01 7) (trojan.rules)
2828503 - ETPRO MOBILE_MALWARE Android/Spy.Banker.TBE CnC Beacon (mobile_malware.rules)
2828504 - ETPRO TROJAN APT28 DDEAUTO DNS Lookup (trojan.rules)
2828505 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2828506 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS Nov 2 2017 2 (current_events.rules)
2828507 - ETPRO TROJAN Fake Gif Response - Powershell Leading to Trojan (trojan.rules)

[///]     Modified active rules:     [///]

2810636 - ETPRO TROJAN Fleercivet CnC Beacon 1 (trojan.rules)
2812067 - ETPRO TROJAN SOGU DNS CnC Channel TXT Lookup (trojan.rules)
2820384 - ETPRO TROJAN APT.Fimlis CnC Beacon Response (trojan.rules)
2820385 - ETPRO TROJAN APT.Fimlis CnC Beacon (trojan.rules)
2820853 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Luckycat.c Checkin (mobile_malware.rules)
2824864 - ETPRO TROJAN Spy.Banker/Unknown CnC Beacon 1 (trojan.rules)
2828162 - ETPRO MOBILE_MALWARE Android/HiddenApp.CE Checkin (mobile_malware.rules)

Date: Thursday, November 2, 2017 - 00:00