Daily Ruleset Update Summary 2017/12/04

[***]            Summary:            [***]

21 new Open, 60 new Pro (21 + 39). New TLDs, MSIL/Kryptik.LRA, Win32/MewsSpy.AE, Various Mobile, Various Phishing.

Thanks: @CraneHassold

[+++]          Added rules:          [+++]

Open:

2025097 - ET INFO HTTP POST Request to Suspicious *.gdn Domain (info.rules)
2025098 - ET INFO DNS Query for Suspicious .gdn Domain (info.rules)
2025099 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2017-12-03 (current_events.rules)
2025100 - ET INFO HTTP POST Request to Suspicious *.gq domain (info.rules)
2025101 - ET INFO HTTP POST Request to Suspicious *.ga Domain (info.rules)
2025102 - ET INFO HTTP POST Request to Suspicious *.ml Domain (info.rules)
2025103 - ET INFO HTTP POST Request to Suspicious *.cf Domain (info.rules)
2025104 - ET INFO DNS Query for Suspicious .gq Domain (info.rules)
2025105 - ET INFO DNS Query for Suspicious .ga Domain (info.rules)
2025106 - ET INFO DNS Query for Suspicious .ml Domain (info.rules)
2025107 - ET INFO DNS Query for Suspicious .cf Domain (info.rules)
2025108 - ET INFO Suspicious Domain (*.gq) in TLS SNI (info.rules)
2025109 - ET INFO Suspicious Domain (*.ga) in TLS SNI (info.rules)
2025110 - ET INFO Suspicious Domain (*.ml) in TLS SNI (info.rules)
2025111 - ET INFO Suspicious Domain (*.cf) in TLS SNI (info.rules)
2025112 - ET INFO Suspicious Domain (*.gdn) in TLS SNI (info.rules)
2025113 - ET CURRENT_EVENTS Possible Credentials Sent to Suspicious TLD via HTTP GET (current_events.rules)
2025114 - ET CURRENT_EVENTS Successful EDU Phish 2017-12-04 (current_events.rules)
2025115 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2017-12-04 (current_events.rules)
2025116 - ET POLICY localtunnel Connection Setup Attempt (policy.rules)
2025117 - ET POLICY localtunnel Sucessful Connection Setup (policy.rules)

Pro:

2828750 - ETPRO CURRENT_EVENTS Successful Visa Home Phish 2017-12-02 (current_events.rules)
2828751 - ETPRO CURRENT_EVENTS Successful Mastercard Securecode Phish 2017-12-02 (current_events.rules)
2828752 - ETPRO CURRENT_EVENTS Successful ANZ Internet Banking Phish 2017-12-02 (current_events.rules)
2828753 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2017-12-02 (current_events.rules)
2828754 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2017-12-02 (current_events.rules)
2828755 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2017-12-02 (current_events.rules)
2828756 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish 2017-12-02 (current_events.rules)
2828757 - ETPRO CURRENT_EVENTS Successful Santander Phish 2017-12-03 (current_events.rules)
2828758 - ETPRO CURRENT_EVENTS Successful ADP Mobile Phish 2017-12-03 (current_events.rules)
2828759 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2017-12-03 (current_events.rules)
2828760 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish 2017-12-03 (current_events.rules)
2828761 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 249 (mobile_malware.rules)
2828762 - ETPRO MOBILE_MALWARE Android/Agent.ARZ CnC Beacon (mobile_malware.rules)
2828763 - ETPRO TROJAN GlobeImposter Payment Domain (ugf57wl6uexcj7fu in DNS Lookup) (trojan.rules)
2828764 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.ix Checkin (mobile_malware.rules)
2828765 - ETPRO TROJAN MSIL/Kryptik.LRA Checkin via Google-Analytics (trojan.rules)
2828766 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2017-12-04 M1 (current_events.rules)
2828767 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2017-12-04 M2 (current_events.rules)
2828768 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2017-12-04 M3 (current_events.rules)
2828769 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2017-12-04 M4 (current_events.rules)
2828770 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2017-12-04 M5 (current_events.rules)
2828771 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2017-12-04 M6 (current_events.rules)
2828772 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2017-12-04 M7 (current_events.rules)
2828773 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2017-12-04 M8 (current_events.rules)
2828774 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2017-12-04 M9 (current_events.rules)
2828775 - ETPRO TROJAN NSIS/Unk.Dropper Dropping EXE (trojan.rules)
2828776 - ETPRO CURRENT_EVENTS Successful Caisse d'Epargne Phish 2017-12-04 M1 (current_events.rules)
2828777 - ETPRO CURRENT_EVENTS Successful Caisse d'Epargne Phish 2017-12-04 M2 (current_events.rules)
2828778 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 32 (mobile_malware.rules)
2828779 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS Exfil via SMTP 33 (mobile_malware.rules)
2828780 - ETPRO CURRENT_EVENTS Successful Halkbank (TK) Phish 2017-12-04 (current_events.rules)
2828781 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda) (trojan.rules)
2828782 - ETPRO TROJAN Zeus Panda Domain (89D9B687AC98 .date in DNS Lookup) (trojan.rules)
2828783 - ETPRO TROJAN Zeus Panda Domain (89d9b687ac10 .faith in DNS Lookup) (trojan.rules)
2828784 - ETPRO TROJAN Win32/MewsSpy.AE CnC Checkin (trojan.rules)
2828785 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2017-12-04 (current_events.rules)
2828786 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2017-12-04 (current_events.rules)
2828787 - ETPRO TROJAN Bladabindi/njRAT CnC Check-in (7738424408T2ZmaWNl) (trojan.rules)
2828788 - ETPRO TROJAN Win32/Banload.Downloader Requesting Payload (trojan.rules)

[///]     Modified active rules:     [///]

2018045 - ET CURRENT_EVENTS Visa Phishing Landing Jan 30 2014 (current_events.rules)
2019876 - ET SCAN SSH BruteForce Tool with fake PUTTY version (scan.rules)
2023458 - ET INFO Possible EXE Download From Suspicious TLD (.gdn) - set (info.rules)
2815659 - ETPRO CURRENT_EVENTS Suspicious Wordpress Redirect - Possible Phishing Landing (set) Jan 7 (current_events.rules)
2824134 - ETPRO CURRENT_EVENTS Successful Generic Phish (Meta HTTP-Equiv Refresh) Dec 29 2016 (current_events.rules)
2826114 - ETPRO CURRENT_EVENTS Successful Netflix Payment Information Phish Apr 26 2017 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2812881 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sept 3 M3 (current_events.rules)

Date: Monday, December 4, 2017 - 00:00