Daily Ruleset Update Summary 2017/12/20

[***]            Summary:            [***]

5 new Open, 13 new Pro (5 + 8). FormBook, Win32/Backdoor.YesMaster, Various Mobile, Various Phishing.

Thanks: Arvind Kumar

[+++]          Added rules:          [+++]

Open:

2025156 - ET TROJAN Possible Trickbot/Dyre Serial Number in SSL Cert (trojan.rules)
2025157 - ET TROJAN Win32/Backdoor.YesMaster CnC Checkin (trojan.rules)
2025158 - ET CURRENT_EVENTS Possible Fedex Phishing Landing - Title over non SSL (current_events.rules)
2025159 - ET CURRENT_EVENTS Possible Halkbank (TK) Phishing Landing - Title over non SSL (current_events.rules)
2025160 - ET CURRENT_EVENTS Possible Ziraat Bank (TK) Phishing Landing - Title over non SSL (current_events.rules)

Pro:

2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)
2829001 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2017-12-19 (current_events.rules)
2829002 - ETPRO CURRENT_EVENTS Successful BBVA Columbia Phish 2017-12-19 (current_events.rules)
2829003 - ETPRO MOBILE_MALWARE ANDROIDOS_ANUBISSPY Checkin (mobile_malware.rules)
2829004 - ETPRO TROJAN FormBook CnC Checkin (POST) (trojan.rules)
2829005 - ETPRO CURRENT_EVENTS Successful Generic Phish 2017-12-20 (current_events.rules)
2829006 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) 2017-12-20 (current_events.rules)
2829007 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2017-12-20 (current_events.rules)

[///]     Modified active rules:     [///]

2001616 - ET ATTACK_RESPONSE Zone-H.org defacement notification (attack_response.rules)
2819987 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.q Checkin (mobile_malware.rules)
2828463 - ETPRO CURRENT_EVENTS Successful Generic Phish Oct 27 2017 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2828995 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 1) (trojan.rules)
2828996 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 2) (trojan.rules)
2828997 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 3) (trojan.rules)
2828998 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 4) (trojan.rules)
2828999 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 5) (trojan.rules)

Date: 
Wednesday, December 20, 2017 - 00:00