Daily Ruleset Update Summary 2017/11/20

[***]            Summary:            [***]

2 new Open, 14 new Pro (2 + 12). GootKit, MSIL/Agent.NJ RAT, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2023137 - ET CURRENT_EVENTS Possible Successful Phish to .tk domain Aug 26 2016 (current_events.rules)
2025013 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 20 2017 (current_events.rules)

Pro:

2828652 - ETPRO MALWARE LabTechAgent PUA CnC Checkin (malware.rules)
2828653 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 8 (trojan.rules)
2828654 - ETPRO TROJAN Malicious SSL certificate detected (TrickBot C2) (trojan.rules)
2828655 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 20 2017 (current_events.rules)
2828656 - ETPRO CURRENT_EVENTS Microsoft Live Account Verification Phishing Landing Nov 20 2017 (current_events.rules)
2828657 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 20 2017 (current_events.rules)
2828658 - ETPRO TROJAN MSIL/Agent.NJ RAT CnC Checkin (trojan.rules)
2828659 - ETPRO TROJAN MSIL/Agent.NJ RAT EXE Payload Inbound (trojan.rules)
2828661 - ETPRO TROJAN Gootkit Domain (sslsecure256 .com in DNS Lookup) (trojan.rules)
2828662 - ETPRO TROJAN Gootkit Domain (ssl256cert .com in DNS Lookup) (trojan.rules)
2828663 - ETPRO TROJAN Gootkit Domain (sslsecure256 .com in SNI) (trojan.rules)
2828664 - ETPRO TROJAN Gootkit Domain (ssl256cert .com in SNI) (trojan.rules)

[///]     Modified active rules:     [///]

2018784 - ET TROJAN Win32/Neurevt.A/Betabot Check-in 4 (trojan.rules)
2019158 - ET TROJAN Possible Malicious Invoice EXE (trojan.rules)
2024998 - ET CURRENT_EVENTS Successful Generic AES Phish M2 Oct 24 2017 (current_events.rules)
2808793 - ETPRO TROJAN Win32.Androm.cxb Requesting PE (trojan.rules)
2826043 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Apr 20 2017 (current_events.rules)

[---]         Removed rules:         [---]

2023137 - ET INFO Suspicious POST to .tk domain with Password (info.rules)

Date: Monday, November 20, 2017 - 00:00