Daily Ruleset Update Summary 2018/01/30

[***]            Summary:            [***]

9 new Open, 36 new Pro (9 + 27). Evrial CnC, APT POWERSTAT CnC, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025266 - ET TROJAN Evrial Stealer CnC Activity (trojan.rules)
2025267 - ET INFO Possible Phishing Redirect 2018-01-30 (info.rules)
2025268 - ET CURRENT_EVENTS Impots.gouv.fr Phishing Landing 2018-01-30 (current_events.rules)
2025269 - ET CURRENT_EVENTS Turbotax Phishing Landing 2018-01-30 (current_events.rules)
2025270 - ET CURRENT_EVENTS Bank of America Phishing Landing 2018-01-30 (current_events.rules)
2025271 - ET CURRENT_EVENTS Possible Capital One Phishing Landing - Title over non SSL (current_events.rules)
2025272 - ET CURRENT_EVENTS GrandSoft EK IE Exploit Jan 30 2018 (current_events.rules)
2025273 - ET MOBILE_MALWARE Android.Trojan.Marcher.U DNS Lookup (mobile_malware.rules)
2025274 - ET CURRENT_EVENTS Verizon Wireless Phishing Landing 2018-01-30 (current_events.rules)

Pro:

2810166 - ETPRO INFO Commonly Abused File Sharing Site Domain HTTP request (savepic .su) (info.rules)
2829472 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 263 (mobile_malware.rules)
2829473 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 264 (mobile_malware.rules)
2829474 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 265 (mobile_malware.rules)
2829475 - ETPRO CURRENT_EVENTS Successful HMRC Phish 2018-01-30 (current_events.rules)
2829476 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish 2018-01-30 (current_events.rules)
2829477 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-01-30 (current_events.rules)
2829478 - ETPRO CURRENT_EVENTS Successful Apple UI Support Phish 2018-01-30 (current_events.rules)
2829479 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-01-30 (current_events.rules)
2829480 - ETPRO CURRENT_EVENTS Successful TSB Bank (UK) Phish 2018-01-30 (current_events.rules)
2829481 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 266 (mobile_malware.rules)
2829482 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 267 (mobile_malware.rules)
2829483 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M1 (trojan.rules)
2829484 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M2 (trojan.rules)
2829485 - ETPRO POLICY External IP Address Lookup - apinotes .com (policy.rules)
2829486 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (Join) (trojan.rules)
2829487 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (Key logger) (trojan.rules)
2829488 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (Window Logger) (trojan.rules)
2829489 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (Recording Mic) (trojan.rules)
2829490 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (CommandShell) (trojan.rules)
2829491 - ETPRO TROJAN MSIL/IRCbot.M!bit Command (Infoharvest) (trojan.rules)
2829492 - ETPRO MOBILE_MALWARE Android.Trojan.Marcher.U Domain Request in SNI (mobile_malware.rules)
2829493 - ETPRO TROJAN GlobeImposter Payment Domain (bcwfga5ssxh3jrlp in DNS Lookup) (trojan.rules)
2829494 - ETPRO TROJAN LockeR Payment Domain (lockerrwhuaf2jjx in DNS Lookup) (trojan.rules)
2829495 - ETPRO TROJAN Fake Twitch SocEng DNS Lookup 1 (trojan.rules)
2829496 - ETPRO TROJAN Fake Twitch SocEng DNS Lookup 2 (trojan.rules)
2829497 - ETPRO TROJAN Maldoc Powershell Payload Request (trojan.rules)

[///]     Modified active rules:     [///]

2025188 - ET WEB_CLIENT Spectre Exploit Javascript (web_client.rules)
2025253 - ET TROJAN [PTsecurity] Kuriyama Loader Checkin (trojan.rules)
2829470 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (TnJ1MXpaeXM3SzlXeENDeHFZ) (trojan.rules)

[---]         Removed rules:         [---]

2810166 - ETPRO TROJAN Probably Evil MS Office HTTP request to savepic.su (trojan.rules)

Date: 
Tuesday, January 30, 2018 - 00:00