Daily Ruleset Update Summary 2018/01/10

[***]            Summary:            [***]

4 new Open, 21 new Pro (4 + 17). MeltDown PoC DL, Spectre PoC DL, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2012612 - ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers (info.rules)
2025195 - ET EXPLOIT Possible MeltDown PoC Download In Progress (exploit.rules)
2025196 - ET EXPLOIT Possible Spectre PoC Download In Progress (exploit.rules)
2025197 - ET CURRENT_EVENTS Tech Support Phone Scam Landing 2018-01-10 (current_events.rules)

Pro:

2829231 - ETPRO TROJAN Win32/Xmrok Coinminer Checkin (trojan.rules)
2829232 - ETPRO CURRENT_EVENTS Secure Cloud Files Phishing Landing 2018-01-10 M1 (current_events.rules)
2829233 - ETPRO CURRENT_EVENTS Secure Cloud Files Phishing Landing 2018-01-10 M2 (current_events.rules)
2829234 - ETPRO CURRENT_EVENTS Successful Secure Cloud Files Phish 2018-01-10 M1 (current_events.rules)
2829235 - ETPRO CURRENT_EVENTS Successful Secure Cloud Files Phish 2018-01-10 M2 (current_events.rules)
2829236 - ETPRO CURRENT_EVENTS Successful Secure Cloud Files Phish 2018-01-10 M3 (current_events.rules)
2829237 - ETPRO TROJAN Python/CoinMiner Requesting Payload (trojan.rules)
2829238 - ETPRO TROJAN Obfuscated PowerShell Inbound (trojan.rules)
2829239 - ETPRO TROJAN Qarallex RAT Onion Domain (trojan.rules)
2829240 - ETPRO CURRENT_EVENTS Successful ATT Phish 2018-01-10 (current_events.rules)
2829241 - ETPRO CURRENT_EVENTS Successful Orange Phish 2018-01-10 (current_events.rules)
2829242 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish 2018-01-10 (current_events.rules)
2829243 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-10 (current_events.rules)
2829244 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-10 1) (trojan.rules)
2829245 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-10 2) (trojan.rules)
2829246 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-10 3) (trojan.rules)
2829247 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-10 4) (trojan.rules)

[///]     Modified active rules:     [///]

2011941 - ET WEB_SPECIFIC_APPS Open Source Support Ticket System module.php Local File Inclusion Attempt (web_specific_apps.rules)
2809267 - ETPRO TROJAN W32/TinyZBot Fake Resume Upload GET Request (Operation Cleaver) (trojan.rules)
2810654 - ETPRO POLICY Possibly Suspicious example[.]com SSL Cert (policy.rules)
2820780 - ETPRO TROJAN APT SWC Redirected Request June 21 2016 (trojan.rules)
2822981 - ETPRO CURRENT_EVENTS Successful Dropbox/Docusign Phish Oct 28 2016 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2829187 - ETPRO TROJAN MSIL.NepaCollector CnC M1 (buildInfo) (trojan.rules)
2829188 - ETPRO TROJAN MSIL.NepaCollector CnC M2 (isMaster) (trojan.rules)
2829189 - ETPRO TROJAN MSIL.NepaCollector CnC M3 (getLastError) (trojan.rules)
2829202 - ETPRO TROJAN MSIL/Zbrain PUP/Stealer Installer UA (trojan.rules)

[---]         Removed rules:         [---]

2012612 - ET TROJAN Hiloti Style GET to PHP with invalid terse MSIE headers (trojan.rules)
2021645 - ET TROJAN APT Cheshire Cat DNS Lookup (holidayapartments4you[.]com) (trojan.rules)
2021646 - ET TROJAN APT Cheshire Cat DNS Lookup (euro-rafting[.]com) (trojan.rules)
2021647 - ET TROJAN APT Cheshire Cat DNS Lookup (holidayapartments-Paris[.]com) (trojan.rules)
2021648 - ET TROJAN APT Cheshire Cat DNS Lookup (paris-holidayapartments[.]com) (trojan.rules)
2021649 - ET TROJAN APT Cheshire Cat DNS Lookup (franceholidayapartments[.]com) (trojan.rules)
2021650 - ET TROJAN APT Cheshire Cat DNS Lookup (apartmentsin-paris[.]com) (trojan.rules)
2021651 - ET TROJAN APT Cheshire Cat DNS Lookup (raftingholiday[.]com) (trojan.rules)
2021652 - ET TROJAN APT Cheshire Cat DNS Lookup (eurorafting-tr[.]com) (trojan.rules)
2021653 - ET TROJAN APT Cheshire Cat DNS Lookup (turkeyextremerafting[.]com) (trojan.rules)
2021654 - ET TROJAN APT Cheshire Cat DNS Lookup (raftingtours-turkey[.]com) (trojan.rules)
2021655 - ET TROJAN APT Cheshire Cat DNS Lookup (divextreme-ar[.]com) (trojan.rules)
2021656 - ET TROJAN APT Cheshire Cat DNS Lookup (crazy-jump[.]com) (trojan.rules)
2021657 - ET TROJAN APT Cheshire Cat DNS Lookup (dive-extreme[.]com) (trojan.rules)
2021658 - ET TROJAN APT Cheshire Cat DNS Lookup (tandemskydive-ar[.]com) (trojan.rules)
2021659 - ET TROJAN APT Cheshire Cat DNS Lookup (groupdive[.]com) (trojan.rules)
2021660 - ET TROJAN APT Cheshire Cat DNS Lookup (skydivelessons[.]com) (trojan.rules)
2021661 - ET TROJAN APT Cheshire Cat DNS Lookup (bungee4you-br[.]com) (trojan.rules)
2021662 - ET TROJAN APT Cheshire Cat DNS Lookup (brazil-crazybungee[.]com) (trojan.rules)
2021663 - ET TROJAN APT Cheshire Cat DNS Lookup (bungeejumping-br[.]com) (trojan.rules)
2021664 - ET TROJAN APT Cheshire Cat DNS Lookup (groupbungee-br[.]com) (trojan.rules)
2021665 - ET TROJAN APT Cheshire Cat DNS Lookup (divextreme-au[.]com) (trojan.rules)
2021666 - ET TROJAN APT Cheshire Cat DNS Lookup (crazyjump-uy[.]com) (trojan.rules)
2021667 - ET TROJAN APT Cheshire Cat DNS Lookup (stuntjumps[.]com) (trojan.rules)
2021668 - ET TROJAN APT Cheshire Cat DNS Lookup (tandemskydive-au[.]com) (trojan.rules)
2021669 - ET TROJAN APT Cheshire Cat DNS Lookup (groupdive-au[.]com) (trojan.rules)
2021670 - ET TROJAN APT Cheshire Cat DNS Lookup (au-skydivelessons[.]com) (trojan.rules)
2021671 - ET TROJAN APT Cheshire Cat DNS Lookup (bungee4you-uy[.]com) (trojan.rules)
2021672 - ET TROJAN APT Cheshire Cat DNS Lookup (uruguay-crazybungee[.]com) (trojan.rules)
2021673 - ET TROJAN APT Cheshire Cat DNS Lookup (bungeejumping-uy[.]com) (trojan.rules)
2021674 - ET TROJAN APT Cheshire Cat DNS Lookup (groupbungee-uy[.]com) (trojan.rules)
2021675 - ET TROJAN APT Cheshire Cat DNS Lookup (circlesofourlives-ir[.]com) (trojan.rules)
2021676 - ET TROJAN APT Cheshire Cat DNS Lookup (clickflowers-hk[.]com) (trojan.rules)
2021677 - ET TROJAN APT Cheshire Cat DNS Lookup (cropcirclestours[.]com) (trojan.rules)
2021678 - ET TROJAN APT Cheshire Cat DNS Lookup (irelancropcircles[.]com) (trojan.rules)
2021679 - ET TROJAN APT Cheshire Cat DNS Lookup (ir-cool[.]com) (trojan.rules)
2021680 - ET TROJAN APT Cheshire Cat DNS Lookup (magnificentcircles[.]com) (trojan.rules)
2021681 - ET TROJAN APT Cheshire Cat DNS Lookup (china-flowershop[.]com) (trojan.rules)
2021682 - ET TROJAN APT Cheshire Cat DNS Lookup (hongkong-bouquets[.]com) (trojan.rules)
2021683 - ET TROJAN APT Cheshire Cat DNS Lookup (beautifuldaisies[.]com) (trojan.rules)
2021684 - ET TROJAN APT Cheshire Cat DNS Lookup (rosesinchina[.]com) (trojan.rules)

Date: Wednesday, January 10, 2018 - 00:00