Daily Ruleset Update Summary 2018/01/16

[***]            Summary:            [***]

5 new Open, 55 new Pro (5 + 50). Possible APT28 DNS, OSX/Mami, Colony Rootkit, Various Phishing.

Thanks: @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2025199 - ET TROJAN OSX/Mami CnC Checkin (trojan.rules)
2025200 - ET TROJAN OSX/Mami Possible DNS Query to Evil DNS Server (trojan.rules)
2025201 - ET TROJAN Observed Evrial Domain (cryptoclipper .ru in TLS SNI) (trojan.rules)
2025202 - ET TROJAN [PTsecurity] Trojan.Downloader VBA Script obfuscation (binary_getter) (trojan.rules)
2025203 - ET USER_AGENTS [PTsecurity] Possible Trojan.Downloader UserAgent (binary_getter) (user_agents.rules)

Pro:

2828743 - ETPRO CURRENT_EVENTS Malicious VBScript Inbound (current_events.rules)
2829272 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
2829273 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
2829274 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
2829275 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
2829276 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
2829277 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829278 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829279 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829280 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829281 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829282 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829283 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829284 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829285 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829286 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829287 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829288 - ETPRO TROJAN Colony Rootkit Downloader CnC Checkin (trojan.rules)
2829289 - ETPRO TROJAN Colony Rootkit Downloader Requesting Payload (trojan.rules)
2829290 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL) (trojan.rules)
2829291 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-01-16 (current_events.rules)
2829292 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2018-01-16 (current_events.rules)
2829293 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing 2018-01-16 (current_events.rules)
2829294 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-01-16 (current_events.rules)
2829295 - ETPRO CURRENT_EVENTS Successful Facebook Help Center Phish 2018-01-16 (current_events.rules)
2829296 - ETPRO TROJAN MSIL/Backdoor.Magoo Retrieving Server Info (trojan.rules)
2829297 - ETPRO MALWARE MSIL/AdFraudClicker Activity M2 (malware.rules)
2829298 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-01-16 (current_events.rules)
2829299 - ETPRO CURRENT_EVENTS Successful BNZ Internet Banking Phish 2018-01-16 (current_events.rules)
2829300 - ETPRO CURRENT_EVENTS Successful Oney (FR) Phish 2018-01-16 M1 (current_events.rules)
2829301 - ETPRO CURRENT_EVENTS Successful Oney (FR) Phish 2018-01-16 M2 (current_events.rules)
2829302 - ETPRO CURRENT_EVENTS Successful Optus Webmail Phish 2018-01-16 (current_events.rules)
2829303 - ETPRO CURRENT_EVENTS Successful Smartsheet Phish 2018-01-16 (current_events.rules)
2829304 - ETPRO TROJAN Compromised Legitimate Website Lazarus Group Downloader SSL Cert (trojan.rules)
2829305 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Upgrade Phish 2018-01-16 (current_events.rules)
2829306 - ETPRO CURRENT_EVENTS Successful Microsoft/Hotmail Account Phish 2018-01-16 (current_events.rules)
2829307 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 1) (trojan.rules)
2829308 - ETPRO TROJAN MSIL/Remcos Variant CnC Checkin (trojan.rules)
2829309 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 2) (trojan.rules)
2829310 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 3) (trojan.rules)
2829311 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 4) (trojan.rules)
2829312 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 5) (trojan.rules)
2829313 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 7) (trojan.rules)
2829314 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 8) (trojan.rules)
2829315 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 10) (trojan.rules)
2829316 - ETPRO CURRENT_EVENTS Fedex Phishing Landing 2018-01-16 (current_events.rules)
2829317 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-01-16 (current_events.rules)
2829318 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 6) (trojan.rules)
2829319 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-16 9) (trojan.rules)
2829320 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2018-01-16 (current_events.rules)

[///]     Modified active rules:     [///]

2809267 - ETPRO TROJAN W32/TinyZBot Fake Resume Upload GET Request (Operation Cleaver) (trojan.rules)
2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)

[---]  Disabled and modified rules:  [---]

2814040 - ETPRO CURRENT_EVENTS Successful Wire Transfer Phish Sept 22 2015 (current_events.rules)

[---]         Removed rules:         [---]

2828743 - ETPRO TROJAN Malicious VBScript Inbound (trojan.rules)

Date: Tuesday, January 16, 2018 - 00:00