Daily Ruleset Update Summary 2017/11/13

[***] Summary: [***]

2 new Open signatures, 5 new Pro (2 + 3).  Actiontec C1000A backdoor, IcedID, Banload.

[+++]          Added rules:          [+++]

Open:

2024979 - ET TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
2024980 - ET EXPLOIT Actiontec C1000A backdoor account (exploit.rules)

Pro:

2828621 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Nov 13 2017 (current_events.rules)
2828622 - ETPRO TROJAN Win32.Nomepasta Banload Variant Checkin (trojan.rules)
2828623 - ETPRO TROJAN ALMA Communicator C2 (trojan.rules)

[///]     Modified active rules:     [///]

2009028 - ET TROJAN 404 Response with an EXE Attached - Likely Malware Drop (trojan.rules)
2010868 - ET TROJAN Incorrectly formatted User-Agent string (dashes instead of semicolons) Likely Hostile (trojan.rules)
2812536 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish Aug 19 2015 (current_events.rules)
2812537 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish Fake Error Page Aug 19 2015 (current_events.rules)
2812559 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish M1 Aug 20 2015 (current_events.rules)
2812600 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish M2 Aug 20 2015 (current_events.rules)
2812601 - ETPRO CURRENT_EVENTS Successful OWA Account Phish Aug 20 2015 (current_events.rules)
2812688 - ETPRO CURRENT_EVENTS Successful Navy Credit Union Account Phish Aug 25 2015 (current_events.rules)
2812759 - ETPRO CURRENT_EVENTS Successful Facebook Phish Aug 27 2015 (current_events.rules)
2812760 - ETPRO CURRENT_EVENTS Successful Webmail Phish Aug 27 2015 (current_events.rules)
2824353 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish Jan 11 2017 (current_events.rules)
2827507 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Aug 14 2017 (current_events.rules)

Date: Monday, November 13, 2017 - 00:00