Daily Ruleset Update Summary 2017/11/06

[***]            Summary:            [***]

16 new Open, 34 new Pro (16 + 18). SAD Ransomware, OceanLotus JavaScript, Win32/Randrew!rfn, Lena/BKDR_ANEL, Various Mobile, Various Phishing.

Thanks: @Volexity, @AttackDetection

[+++]          Added rules:          [+++]

Open:

2024779 - ET POLICY DNS Query For Browser Cryptocurrency Mining Domain (policy.rules)
2024954 - ET TROJAN SAD Ransomware CnC Activity (trojan.rules)
2024955 - ET TROJAN [PTsecurity] Win32/Randrew!rfn CnC Activity (trojan.rules)
2024956 - ET TROJAN RouteX CnC Domain (cba4a6e5d3c956548a337c52388473f1 .com in DNS Lookup) (trojan.rules)
2024957 - ET TROJAN RouteX CnC Domain (0a0074066c49886a39b5a3072582f5d6 .net in DNS Lookup) (trojan.rules)
2024958 - ET TROJAN RouteX CnC Domain (73780fbd309561e201a4aee9914d882d .org in DNS Lookup) (trojan.rules)
2024959 - ET TROJAN RouteX CnC Domain (dcb5684707f6c66492aaa9f7d9bfb5a6 .biz in DNS Lookup) (trojan.rules)
2024960 - ET TROJAN RouteX CnC Domain (322ffbbc7c1b312c2f9d942f20422f8d .com in DNS Lookup) (trojan.rules)
2024961 - ET TROJAN RouteX CnC Domain (18bca7c5fd709ac468ba148c590ef6bf .net in DNS Lookup) (trojan.rules)
2024962 - ET TROJAN RouteX CnC Domain (aaafc94b3a37b75ae9cb60afc42e86fe .org in DNS Lookup) (trojan.rules)
2024963 - ET TROJAN RouteX CnC Domain (c13a856f4a879a89e9a638207efd6c94 .biz in DNS Lookup) (trojan.rules)
2024964 - ET TROJAN RouteX CnC Domain (2fa3c2fa16c47d9b9bff8986a42b048f .com in DNS Lookup) (trojan.rules)
2024965 - ET TROJAN RouteX CnC Domain (3ec9b600789b3bacf2c72ebae142a9c3 .net in DNS Lookup) (trojan.rules)
2024966 - ET TROJAN Volex – OceanLotus JavaScript Load (connect.js) (trojan.rules)
2024967 - ET TROJAN Volex – OceanLotus JavaScript Fake Page URL Builder Response (trojan.rules)
2024968 - ET TROJAN Volex – OceanLotus System Profiling JavaScript (linkStorage.x00SOCKET) (trojan.rules)

Pro:

2814040 - ETPRO CURRENT_EVENTS Successful Wire Transfer Phish Sept 22 2015 (current_events.rules)
2828534 - ETPRO TROJAN Win32/Remcos RAT Checkin 7 (trojan.rules)
2828535 - ETPRO TROJAN MSIL/Hidden-Tear Variant Ransomware CnC Checkin (trojan.rules)
2828536 - ETPRO TROJAN Lena/BKDR_ANEL HTTP GET CnC Beacon 1 (trojan.rules)
2828537 - ETPRO TROJAN Lena/BKDR_ANEL HTTP GET CnC Beacon 2 (trojan.rules)
2828538 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.dot Checkin (mobile_malware.rules)
2828539 - ETPRO CURRENT_EVENTS Evil Redirector Leading to MalDoc Keitaro TDS Nov 6 2017 (current_events.rules)
2828540 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Nov 6 2017 (current_events.rules)
2828541 - ETPRO TROJAN Win32/Leviwa CnC Checkin (trojan.rules)
2828542 - ETPRO CURRENT_EVENTS Successful Apple Phish Nov 06 2017 (current_events.rules)
2828543 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2828544 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2828545 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 06 2017 (current_events.rules)
2828546 - ETPRO TROJAN Observed Malicious Coinminer Downloader Domain in SNI (trojan.rules)
2828547 - ETPRO CURRENT_EVENTS Successful Blockchain Phish Nov 06 2017 (current_events.rules)
2828548 - ETPRO CURRENT_EVENTS Successful Generic Phish to HTTrack Mirrored Website (current_events.rules)
2828549 - ETPRO CURRENT_EVENTS Successful Generic Chalbhai Phish M1 Nov 06 2017 (current_events.rules)
2828550 - ETPRO CURRENT_EVENTS Successful Generic Chalbhai Phish M2 Nov 06 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2015478 - ET CURRENT_EVENTS Possible Unknown TDS /top2.html (current_events.rules)
2021645 - ET TROJAN APT Cheshire Cat DNS Lookup (holidayapartments4you. com) (trojan.rules)
2023249 - ET CURRENT_EVENTS Possible EITest Flash Redirect Sep 19 2016 (current_events.rules)
2024933 - ET TROJAN IoT_reaper DNS Lookup M4 (trojan.rules)
2024934 - ET TROJAN IoT_reaper DNS Lookup M5 (trojan.rules)
2024935 - ET TROJAN IoT_reaper DNS Lookup M6 (trojan.rules)
2024936 - ET TROJAN IoT_reaper DNS Lookup M7 (trojan.rules)
2827414 - ETPRO MALWARE MSIL/AdWare.Dotdo PUA CnC Checkin 1 (malware.rules)

[---]  Disabled and modified rules:  [---]

2821954 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M1 Sept 1 2016 (current_events.rules)
2821978 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept M2 1 2016 (current_events.rules)
2825136 - ETPRO CURRENT_EVENTS Successful Generic Phish Feb 24 2017 (current_events.rules)
2826179 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Apr 28 2017 (current_events.rules)
2826476 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 22 2017 (current_events.rules)
2826477 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 23 2017 (current_events.rules)
2827889 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sep 11 2017 (current_events.rules)

[---]         Removed rules:         [---]

2024779 - ET CURRENT_EVENTS DNS Query For Browser Cryptocurrency Mining Domain (current_events.rules)

Date: Monday, November 6, 2017 - 00:00