Daily Ruleset Update Summary 2017/12/22

[***]            Summary:            [***]

3 new Open, 42 new Pro (3 + 39). Win32/Backdoor.Agent.qweydh, APT28 XAgent Domains, DreamSmasher CnC, Various Phishing.

Thanks: Arvind Kumar

[+++]          Added rules:          [+++]

Open:

2025170 - ET TROJAN Win32/Backdoor.Agent.qweydh CnC Checkin M1 (trojan.rules)
2025171 - ET TROJAN Win32/Backdoor.Agent.qweydh CnC Checkin M2 (trojan.rules)
2025172 - ET TROJAN Win32/Backdoor.Agent.qweydh CnC Activity (trojan.rules)

Pro:

2829021 - ETPRO CURRENT_EVENTS Successful PlayStation Phish 2017-12-22 (current_events.rules)
2829022 - ETPRO USER_AGENTS Observed Known CryptoMining UA (Miner) (user_agents.rules)
2829023 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2017-12-22 (current_events.rules)
2829024 - ETPRO TROJAN APT28 XAgent Domain (fsportal .net in DNS Lookup) (trojan.rules)
2829025 - ETPRO TROJAN APT28 XAgent Domain (meteost .com in DNS Lookup) (trojan.rules)
2829026 - ETPRO TROJAN APT28 XAgent Domain (movieultimate .com in DNS Lookup) (trojan.rules)
2829027 - ETPRO TROJAN APT28 XAgent Domain (fastdataexchange .org in DNS Lookup) (trojan.rules)
2829028 - ETPRO TROJAN APT28 XAgent Domain (newfilmts .com in DNS Lookup) (trojan.rules)
2829029 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-22 1) (trojan.rules)
2829030 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-22 2) (trojan.rules)
2829031 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-22 3) (trojan.rules)
2829032 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-22 4) (trojan.rules)
2829033 - ETPRO TROJAN DreamSmasher CnC DeleteFile Request (trojan.rules)
2829034 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-22 5) (trojan.rules)
2829035 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-22 6) (trojan.rules)
2829036 - ETPRO TROJAN DreamSmasher CnC Download File Request (trojan.rules)
2829037 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-22 7) (trojan.rules)
2829038 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (NDF5eWJUWEZnYk4yeGJSTWlyaWE3R0puM2pnSENaOERwSnpXYVJMZ0FOTnVFZExuR2tFU2prdUdFOFZrakdvM29UV2syOTVpaFJYTnkxQUNmdXNCdjl4ejRwZEpMOEQ6eA==) (trojan.rules)
2829039 - ETPRO TROJAN DreamSmasher CnC EditFileProperty Request (trojan.rules)
2829040 - ETPRO TROJAN DreamSmasher CnC GetDate Request (trojan.rules)
2829041 - ETPRO TROJAN DreamSmasher CnC GetIPAddress Request (trojan.rules)
2829042 - ETPRO TROJAN DreamSmasher CnC GetManufacturer Request (trojan.rules)
2829043 - ETPRO TROJAN DreamSmasher CnC GetModel Request (trojan.rules)
2829044 - ETPRO TROJAN DreamSmasher CnC GetPowershellVersion Request (trojan.rules)
2829045 - ETPRO TROJAN DreamSmasher CnC GetProcessorArch Request (trojan.rules)
2829046 - ETPRO TROJAN DreamSmasher CnC GetSyslang Request (trojan.rules)
2829047 - ETPRO TROJAN DreamSmasher CnC GetTotalMemory Request (trojan.rules)
2829048 - ETPRO TROJAN DreamSmasher CnC GetWorkingDirectory Request (trojan.rules)
2829049 - ETPRO TROJAN DreamSmasher CnC Screenshot Request (trojan.rules)
2829050 - ETPRO TROJAN DreamSmasher CnC StartProcess Request (trojan.rules)
2829051 - ETPRO TROJAN DreamSmasher CnC WriteFile Request (trojan.rules)
2829052 - ETPRO TROJAN DreamSmasher CnC GetCurrentUser Request (trojan.rules)
2829053 - ETPRO TROJAN DreamSmasher CnC GetOSVersion Request (trojan.rules)
2829054 - ETPRO TROJAN DreamSmasher CnC GetUsername Request (trojan.rules)
2829055 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2017-12-22 (current_events.rules)
2829056 - ETPRO TROJAN Observed Request for xmrig.exe in - Coinminer Download (trojan.rules)
2829057 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish 2017-12-22 (current_events.rules)
2829058 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2017-12-22 (current_events.rules)
2829059 - ETPRO CURRENT_EVENTS Possible Successful Banco Pichincha Phish 2017-12-22 (current_events.rules)

Date: Friday, December 22, 2017 - 00:00