Daily Ruleset Update Summary 2017/11/16

[***]            Summary:            [***]

16 new Open, 23 new Pro (16 + 7). AeroAdmin, Zebrocy, Various Mobile, Various Phishing.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2024997 - ET CURRENT_EVENTS Successful Generic AES Phish M1 Oct 24 2017 (current_events.rules)
2024998 - ET CURRENT_EVENTS Successful Generic AES Phish M2 Oct 24 2017 (current_events.rules)
2024999 - ET CURRENT_EVENTS Successful OWA Phish Apr 25 2017 (current_events.rules)
2025000 - ET CURRENT_EVENTS Possible Successful Phish to Hostinger Domains Apr 4 M4 (current_events.rules)
2025001 - ET CURRENT_EVENTS Possible Successful Websocket Credential Phish Sep 15 2017 (current_events.rules)
2025002 - ET CURRENT_EVENTS Successful Personalized OWA Webmail Phish Oct 04 2016 (current_events.rules)
2025003 - ET CURRENT_EVENTS Successful TeamIPwned Phish Aug 30 2016 (current_events.rules)
2025004 - ET CURRENT_EVENTS Google Drive Phishing Landing Sept 3 (current_events.rules)
2025005 - ET CURRENT_EVENTS Possible Successful Generic Phish Jan 14 2016 (current_events.rules)
2025006 - ET CURRENT_EVENTS Possible Phishing Redirect Feb 09 2016 (current_events.rules)
2025007 - ET TROJAN Powershell commands sent when remote host claims to send an image (trojan.rules)
2025008 - ET POLICY PTsecurity Remote Desktop AeroAdmin Server Hello (policy.rules)
2025009 - ET POLICY PTsecurity Remote Desktop AeroAdmin handshake (policy.rules)
2025010 - ET TROJAN Powershell commands sent B64 1 (trojan.rules)
2025011 - ET TROJAN Powershell commands sent B64 2 (trojan.rules)
2025012 - ET TROJAN Powershell commands sent B64 3 (trojan.rules)

Pro:

2828639 - ETPRO INFO TCP DNS Query Domain .bit M2 (Namecoin) (info.rules)
2828640 - ETPRO TROJAN Observed Malicious Reypston Ransomware Onion Domain in SNI (7wqzov2j5hkklbw6) (trojan.rules)
2828641 - ETPRO TROJAN Observed Malicious Reypston Ransomware Onion Domain in SNI (dphux5xrwuaf4yey) (trojan.rules)
2828642 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsSpy.bah Reporting Infection via SMTP (mobile_malware.rules)
2828643 - ETPRO POLICY PhantomX CoinMiner Checkin (policy.rules)
2828644 - ETPRO TROJAN Zebrocy Requesting Stage 2 Payload (trojan.rules)
2828645 - ETPRO TROJAN Zebrocy CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2022842 - ET TROJAN HTTPBrowser/Pisloader Covert DNS CnC Channel TXT Lookup (trojan.rules)
2023941 - ET TROJAN Possibly Malicious Base64 Unicode WebClient DownloadString M1 (trojan.rules)
2023942 - ET TROJAN Possibly Malicious Base64 Unicode WebClient DownloadString M2 (trojan.rules)
2023943 - ET TROJAN Possibly Malicious Base64 Unicode WebClient DownloadString M3 (trojan.rules)
2023944 - ET TROJAN Possibly Malicious Double Base64 Unicode Net.ServicePointManager M1 (trojan.rules)
2023945 - ET TROJAN Possibly Malicious Double Base64 Unicode Net.ServicePointManager M2 (trojan.rules)
2023946 - ET TROJAN Possibly Malicious Double Base64 Unicode Net.ServicePointManager M3 (trojan.rules)

[---]         Removed rules:         [---]

2812929 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Sept 3 (current_events.rules)
2815781 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jan 14 2016 (current_events.rules)
2816172 - ETPRO CURRENT_EVENTS Possible Phishing Redirect Feb 09 2016 (current_events.rules)
2816886 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger Domains Apr 4 M4 (current_events.rules)
2821913 - ETPRO CURRENT_EVENTS Successful TeamIPwned Phish Aug 30 2016 (current_events.rules)
2822371 - ETPRO CURRENT_EVENTS Successful Personalized OWA Webmail Phish Oct 04 2016 (current_events.rules)
2826109 - ETPRO CURRENT_EVENTS Successful OWA Phish Apr 25 2017 (current_events.rules)
2826593 - ETPRO TROJAN TCP DNS Query Domain .bit (Namecoin) (trojan.rules)
2827959 - ETPRO CURRENT_EVENTS Possible Successful Websocket Credential Phish Sep 15 2017 (current_events.rules)
2828396 - ETPRO CURRENT_EVENTS Successful Generic AES Phish M1 Oct 24 2017 (current_events.rules)
2828397 - ETPRO CURRENT_EVENTS Successful Generic AES Phish M2 Oct 24 2017 (current_events.rules)

Date: Thursday, November 16, 2017 - 00:00