Daily Ruleset Update Summary 2018/01/22

[***]            Summary:            [***]

15 new Open, 27 new Pro (15 + 12). MSIL/SamMiner CnC, VBS.ARS Checkin, Various Mobile, Various Phishing.

Thanks: @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2025227 - ET INFO Possible Phishing Landing - Common Multiple JS Unescape May 25 2017 (info.rules)
2025228 - ET TROJAN Observed Evrial Domain (projectevrial .ru in DNS Lookup) (trojan.rules)
2025229 - ET CURRENT_EVENTS Email Verification/Upgrade Phishing Landing 2018-01-22 (current_events.rules)
2025230 - ET TROJAN VBS.ARS Checkin (trojan.rules)
2025231 - ET INFO Multiple Javascript Unescapes - Common Obfuscation Observed in Phish Landing (info.rules)
2025232 - ET CURRENT_EVENTS Email Server Mobile Security Settings Phishing Landing 2018-01-22 (current_events.rules)
2025233 - ET CURRENT_EVENTS Dropbox Phishing Landing - Title over non SSL (current_events.rules)
2025234 - ET TROJAN Win32/Rodecap/Travle/PYLOT CnC Checkin M2 (trojan.rules)
2025235 - ET TROJAN MSIL/SamMiner CnC Checkin M1 (trojan.rules)
2025236 - ET CURRENT_EVENTS Possible Compromised Wordpress - Generic Phishing Landing 2018-01-22 (current_events.rules)
2025237 - ET TROJAN MSIL/SamMiner CnC Checkin M2 (trojan.rules)
2025238 - ET INFO Base64 Encoded powershell.exe in HTTP Response M1 (info.rules)
2025239 - ET INFO Base64 Encoded powershell.exe in HTTP Response M2 (info.rules)
2025240 - ET INFO Base64 Encoded powershell.exe in HTTP Response M3 (info.rules)
2025241 - ET TROJAN Unknown Brazilian Banker CnC Activity (trojan.rules)

Pro:

2829365 - ETPRO CURRENT_EVENTS Microsoft Documentation Phishing Landing 2018-01-22 (current_events.rules)
2829366 - ETPRO CURRENT_EVENTS Successful GoDaddy Phish 2018-01-22 (current_events.rules)
2829367 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 1) (trojan.rules)
2829368 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 2) (trojan.rules)
2829369 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 3) (trojan.rules)
2829370 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 4) (trojan.rules)
2829371 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 5) (trojan.rules)
2829372 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 6) (trojan.rules)
2829373 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 7) (trojan.rules)
2829374 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-22 8) (trojan.rules)
2829375 - ETPRO CURRENT_EVENTS Successful IRS Credit Card Information Phish 2018-01-22 (current_events.rules)
2829376 - ETPRO TROJAN SSL/TLS Certificate Observed (Meterpreter) (trojan.rules)

[///]     Modified active rules:     [///]

2008038 - ET MALWARE Suspicious User-Agent (Mozilla/4.0 (compatible ICS)) (malware.rules)
2025013 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 20 2017 (current_events.rules)
2822114 - ETPRO TROJAN Etirehni/PYLOT CnC Beacon - Downloaded by Cmstar (trojan.rules)
2829004 - ETPRO TROJAN FormBook CnC Checkin (POST) (trojan.rules)
2829005 - ETPRO CURRENT_EVENTS Successful Generic Phish 2017-12-20 (current_events.rules)

[---]         Removed rules:         [---]

2826541 - ETPRO CURRENT_EVENTS Possible Phishing Landing - Common Multiple JS Unescape May 25 2017 (current_events.rules)

Date: 
Monday, January 22, 2018 - 00:00