Daily Ruleset Update Summary 2018/01/02

[***]            Summary:            [***]

3 new Open, 25 new Pro (3 + 22). Win32/CoinMining Loader, Xtrat/XtremeRAT, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025178 - ET TROJAN Sharik/Smoke CnC Beacon 9 (trojan.rules)
2025179 - ET TROJAN Qasar Variant Domain (datapeople-cn .com in DNS Lookup) (trojan.rules)
2025180 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-01-02 (current_events.rules)

Pro:

2829118 - ETPRO TROJAN Win32/CoinMining Loader CnC Checkin (trojan.rules)
2829119 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2018-01-02 M1 (current_events.rules)
2829120 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2018-01-02 M2 (current_events.rules)
2829121 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish 2018-01-02 M3 (current_events.rules)
2829122 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-01-02 (current_events.rules)
2829123 - ETPRO CURRENT_EVENTS Successful Amazon Cancel Order Phish 2018-01-02 (current_events.rules)
2829124 - ETPRO CURRENT_EVENTS Successful Orange.fr Phish 2018-01-02 (current_events.rules)
2829125 - ETPRO CURRENT_EVENTS Suspicious AutoIt EXE Download (Observed in Maldoc Campaign Dropping Xtrat) (current_events.rules)
2829126 - ETPRO CURRENT_EVENTS Successful Netflix (BR) Phish 2018-01-02 (current_events.rules)
2829127 - ETPRO CURRENT_EVENTS Successful Dropbox (CN) Phish 2018-01-02 M1 (current_events.rules)
2829128 - ETPRO CURRENT_EVENTS Successful Dropbox (CN) Phish 2018-01-02 M2 (current_events.rules)
2829129 - ETPRO TROJAN Xtrat/XtremeRAT Google PING Connectivity Check (trojan.rules)
2829130 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-01-02 (current_events.rules)
2829131 - ETPRO CURRENT_EVENTS Successful SFR Account Phish 2018-01-02 (current_events.rules)
2829132 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 1) (trojan.rules)
2829133 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 2) (trojan.rules)
2829134 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 3) (trojan.rules)
2829135 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 4) (trojan.rules)
2829136 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 5) (trojan.rules)
2829137 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 6) (trojan.rules)
2829138 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 8) (trojan.rules)
2829139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-02 9) (trojan.rules)

[///]     Modified active rules:     [///]

2018401 - ET TROJAN Win32.Kazy Checkin (trojan.rules)
2022730 - ET INFO PhishMe.com Phishing Landing Exercise (info.rules)
2023712 - ET CURRENT_EVENTS Paypal Phishing Landing Jan 09 2017 (current_events.rules)
2024583 - ET CURRENT_EVENTS Possible YapiKredi Bank (TR) Phishing Landing - Title over non SSL (current_events.rules)
2024705 - ET CURRENT_EVENTS Apple Phishing Landing M3 Sep 14 2017 (current_events.rules)
2814624 - ETPRO TROJAN XtremeRAT CnC Beacon 1 (trojan.rules)
2815129 - ETPRO CURRENT_EVENTS Possible Base64 Obfuscated Phishing Landing 2015-11-30 (current_events.rules)
2816734 - ETPRO CURRENT_EVENTS Obfuscated Chase Phishing Landing 2016-03-23 (current_events.rules)
2816790 - ETPRO CURRENT_EVENTS L33bo Phishing Landing 2016-03-29 (current_events.rules)
2821737 - ETPRO TROJAN Babylon RAT C2 Client Request (trojan.rules)
2822442 - ETPRO CURRENT_EVENTS Multibank Phishing Landing/Redirect (NL) M1 2016-10-06 (current_events.rules)
2822443 - ETPRO CURRENT_EVENTS SNS Bank Phishing Landing/Redirect (NL) M1 2016-10-06 (current_events.rules)
2822444 - ETPRO CURRENT_EVENTS SNS Bank Phishing Landing/Redirect/ (NL) M2 2016-10-06 (current_events.rules)
2822445 - ETPRO CURRENT_EVENTS ASN/Regio Bank Phishing Landing/Redirect (NL) M1 2016-10-06 (current_events.rules)
2822446 - ETPRO CURRENT_EVENTS ASN/Regio Bank Phishing Landing/Redirect (NL) M2 2016-10-06 (current_events.rules)
2822447 - ETPRO CURRENT_EVENTS Multibank Phishing Landing/Redirect (NL) M2 2016-10-06 (current_events.rules)
2823939 - ETPRO CURRENT_EVENTS Obfuscated Phishing Landing Dec 18 2016 (current_events.rules)
2823940 - ETPRO TROJAN Google Docs Phishing Landing Dec 18 2016 (trojan.rules)
2823945 - ETPRO CURRENT_EVENTS Microsoft Office Phishing Landing Dec 18 2016 (current_events.rules)
2824565 - ETPRO CURRENT_EVENTS DHL Phishing Landing Jan 20 2017 (current_events.rules)
2824614 - ETPRO CURRENT_EVENTS Paypal Phishing Landing Jan 24 2017 (current_events.rules)
2824792 - ETPRO CURRENT_EVENTS Banco Itau Phishing Landing Javascript Feb 06 2017 (current_events.rules)
2825147 - ETPRO CURRENT_EVENTS Possible Sparkasse Bank Phishing Landing Feb 27 2017 (current_events.rules)
2828073 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phishing Landing / Fake Android App Sep 27 2017 (current_events.rules)
2829110 - ETPRO TROJAN Win32/Crimson Variant CnC Checkin (trojan.rules)

[---]         Removed rules:         [---]

2014571 - ET TROJAN HTTP Request to a a known malware domain (sektori.org) (trojan.rules)
2828164 - ETPRO MOBILE_MALWARE ANDROIDOS_HIDDENAPP.HRXZ Checkin (mobile_malware.rules)

Date: Tuesday, January 2, 2018 - 00:00