Daily Ruleset Update Summary 2017/11/17

[***] Summary: [***]

6 new Pro signatures.  A lot of modified and disabled signatures.

[+++]          Added rules:          [+++]

2828646 - ETPRO TROJAN Chthonic CnC Beacon 12 (trojan.rules)
2828647 - ETPRO POLICY Observed XMRig Coinminer json Config Inbound (policy.rules)
2828648 - ETPRO TROJAN MSIL/Agent.SFR CnC Activity (trojan.rules)
2828649 - ETPRO TROJAN MSIL/Agent.SFZ RAT CnC Checkin (trojan.rules)
2828650 - ETPRO TROJAN MSIL/Agent.SFZ RAT CnC Response Beacon (trojan.rules)
2828651 - ETPRO TROJAN MSIL/Agent.SFZ RAT CnC Keep-Alive (trojan.rules)

[///]     Modified active rules:     [///]

2005320 - ET USER_AGENTS Suspicious User-Agent (MyAgent) (user_agents.rules)
2008073 - ET USER_AGENTS Suspicious User-Agent (App4) (user_agents.rules)
2022615 - ET CURRENT_EVENTS Possible Chase Phishing Domain Mar 14 2016 (current_events.rules)
2022616 - ET CURRENT_EVENTS Possible Apple Phishing Domain Mar 14 2016 (current_events.rules)
2022617 - ET CURRENT_EVENTS Possible USAA Phishing Domain Mar 14 2016 (current_events.rules)
2022618 - ET CURRENT_EVENTS Possible Paypal Phishing Domain Mar 14 2016 (current_events.rules)
2023066 - ET CURRENT_EVENTS Possible Bank of America Phishing Domain Aug 15 2016 (current_events.rules)
2023092 - ET CURRENT_EVENTS Possible Google Drive Phishing Domain Aug 25 2016 (current_events.rules)
2023254 - ET TROJAN Book of Eli CnC Checkin (trojan.rules)
2023495 - ET CURRENT_EVENTS Possible Cartasi Phishing Domain Nov 08 2016 (current_events.rules)
2023596 - ET CURRENT_EVENTS Possible Linkedin Phishing Domain Dec 09 2016 (current_events.rules)
2023775 - ET CURRENT_EVENTS Possible Ebay Phishing Domain Jan 30 2017 (current_events.rules)
2023776 - ET CURRENT_EVENTS Possible Successful Ebay Phish Jan 30 2017 (current_events.rules)
2023819 - ET CURRENT_EVENTS Possible Discover Phishing Domain Feb 02 2017 (current_events.rules)
2023820 - ET CURRENT_EVENTS Possible Successful Chase Phish Feb 02 2017 (current_events.rules)
2023821 - ET CURRENT_EVENTS Possible Successful Apple Phishing Domain Feb 02 2017 (current_events.rules)
2023822 - ET CURRENT_EVENTS Possible Successful USAA Phishing Domain Feb 02 2017 (current_events.rules)
2023823 - ET CURRENT_EVENTS Possible Successful Paypal Phishing Domain Feb 02 2017 (current_events.rules)
2023824 - ET CURRENT_EVENTS Possible Successful Bank of America Phishing Domain Feb 02 2017 (current_events.rules)
2023825 - ET CURRENT_EVENTS Possible Successful Google Drive Phishing Domain Feb 02 2017 (current_events.rules)
2023826 - ET CURRENT_EVENTS Possible Successful Cartasi Phishing Domain Feb 02 2017 (current_events.rules)
2023827 - ET CURRENT_EVENTS Possible Successful Linkedin Phishing Domain Feb 02 2017 (current_events.rules)
2023828 - ET CURRENT_EVENTS Possible Successful Ebay Phishing Domain Feb 02 2017 (current_events.rules)
2023829 - ET CURRENT_EVENTS Possible Successful Discover Phish Feb 02 2017 (current_events.rules)
2023880 - ET CURRENT_EVENTS Possible Successful Craigslist Phishing Domain Feb 07 2017 (current_events.rules)
2024489 - ET TROJAN Win32/Bitshifter Ransomware CnC Checkin (trojan.rules)
2024834 - ET CURRENT_EVENTS Possible Paypal Phishing Domain (IT) Oct 10 2017 (current_events.rules)
2024835 - ET CURRENT_EVENTS Possible Successful Paypal Phishing Domain (IT) Oct 10 2017 (current_events.rules)
2025000 - ET CURRENT_EVENTS Possible Successful Phish to Hostinger Domains Apr 4 M4 (current_events.rules)
2815801 - ETPRO CURRENT_EVENTS Successful Formbuddy Credential Phish Submission Jan 15 (current_events.rules)
2816039 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com (set) Feb 2 (current_events.rules)
2816883 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger Domains M1 Apr 4 2016 (current_events.rules)
2816884 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger Domains M2 Apr 4 2016 (current_events.rules)
2816885 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger Domains M3 Apr 4 2016 (current_events.rules)
2816887 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger Domains M5 Apr 4 2016 (current_events.rules)
2820534 - ETPRO CURRENT_EVENTS Possible HMRC Phishing Domain Jun 08 2016 (current_events.rules)
2820614 - ETPRO CURRENT_EVENTS Possible Apple Phishing Domain Jun 14 2016 (current_events.rules)
2820683 - ETPRO CURRENT_EVENTS Successful Chase Phish Jun 15 2016 (current_events.rules)
2820684 - ETPRO CURRENT_EVENTS Successful Apple Phish Jun 15 2016 (current_events.rules)
2820685 - ETPRO CURRENT_EVENTS Successful USAA Phish Jun 15 (current_events.rules)
2820686 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jun 15 2016 (current_events.rules)
2820762 - ETPRO CURRENT_EVENTS Possible Amazon Phishing Domain Jun 20 2016 (current_events.rules)
2820801 - ETPRO CURRENT_EVENTS Possible barclays .co. uk Phishing Domain Jun 22 2016 (current_events.rules)
2820810 - ETPRO CURRENT_EVENTS Phishing Landing via my-free.website (set) Jun 21 2016 (current_events.rules)
2820854 - ETPRO CURRENT_EVENTS Phishing Landing via yolasite.com (set) Jun 24 2016 (current_events.rules)
2820877 - ETPRO CURRENT_EVENTS Successful Amazon.com Phish M1 Jun 27 2016 (current_events.rules)
2820920 - ETPRO INFO Data Submitted to ukit domain - Possible Phishing M1 Jun 29 2016 (info.rules)
2820921 - ETPRO INFO Data Submitted to ukit domain - Possible Phishing M2 Jun 29 2016 (info.rules)
2820922 - ETPRO CURRENT_EVENTS Phishing Landing via udo.photo (set) Jun 28 2016 (current_events.rules)
2820925 - ETPRO CURRENT_EVENTS Phishing Landing via ulcraft.com (set) Jun 28 (current_events.rules)
2820927 - ETPRO CURRENT_EVENTS Phishing Landing via biennale.info (set) Jun 28 (current_events.rules)
2820930 - ETPRO CURRENT_EVENTS Phishing Landing via topstyle.me (set) Jun 28 2016 (current_events.rules)
2822342 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger Domains Sep 30 2016 (current_events.rules)
2822365 - ETPRO CURRENT_EVENTS Phishing Landing via urest.org (set) Oct 03 (current_events.rules)
2824047 - ETPRO CURRENT_EVENTS Successful Poste Italiane Phish Dec 23 2016 (current_events.rules)
2826655 - ETPRO CURRENT_EVENTS Successful Webhostapp Hosted Generic Phish Jun 07 2017 (current_events.rules)
2826662 - ETPRO CURRENT_EVENTS Blockchain Phishing Landing Jun 07 2017 (current_events.rules)
2827143 - ETPRO TROJAN Monsoon APT Fake Doc DL (trojan.rules)
2827169 - ETPRO TROJAN Alina IP Check (whatismyipaddress .com) (trojan.rules)
2827187 - ETPRO TROJAN MSIL/ClipBanker.BX CnC Checkin M2 (trojan.rules)
2827247 - ETPRO TROJAN Imminent Monitor Style IP Check freegeoip.net (trojan.rules)
2827264 - ETPRO TROJAN MSIL/CoinMiner.WS Variant CnC Checkin (trojan.rules)
2827620 - ETPRO TROJAN SyncCypt EXE Download as .jpg (trojan.rules)
2827919 - ETPRO TROJAN Win32/Aenjaris!rfn Activity (trojan.rules)
2828205 - ETPRO TROJAN MSIL/Kryptik.JJC IP Check (trojan.rules)

[---]  Disabled and modified rules:  [---]

2024000 - ET CURRENT_EVENTS Successful iCloud (CN) Phish Feb 17 2017 (current_events.rules)
2815853 - ETPRO CURRENT_EVENTS Successful Credential Phish via FormLogix Jan 19 (current_events.rules)
2820372 - ETPRO CURRENT_EVENTS Suspicious Domain - Possible Phishing Redirect May 26 (current_events.rules)
2821850 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M1 Aug 25 2016 (current_events.rules)
2821921 - ETPRO CURRENT_EVENTS Successful Square Enix Phish Aug 30 2016 (current_events.rules)
2826465 - ETPRO CURRENT_EVENTS Successful Chase Phish May 22 M1 2017 (current_events.rules)

Date: Friday, November 17, 2017 - 00:00