Daily Ruleset Update Summary
Daily Ruleset Update Summary 2018/02/02

[***]            Summary:            [***]

16 new Open, 27 new Pro (16 + 11). Backdoor.Elise, ROKRAT, VBS.ARS, Various Phishing.

Thanks: @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2025290 - ET CURRENT_EVENTS Likely Cloned .EDU Website Phishing Landing 2018-02-02 (current_events.rules)
2025291 - ET TROJAN Backdoor.Elise CnC Beacon 2 M2 (trojan.rules)
2025292 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M1 (current_events.rules)
2025293 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M2 (current_events.rules)
2025294 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M3 (current_events.rules)
2025295 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M4 (current_events.rules)
2025296 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M5 (current_events.rules)
2025297 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M6 (current_events.rules)
2025298 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M7 (current_events.rules)
2025299 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M8 (current_events.rules)
2025300 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M9 (current_events.rules)
2025301 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M10 (current_events.rules)
2025302 - ET MALWARE Win32.LoadMoney User Agent 2 (malware.rules)
2025303 - ET MALWARE Win32/LoadMoney Adware Activity M2 (malware.rules)
2025304 - ET TROJAN Observed ExecPS/Cobolt Domain (getfreshnews .com in DNS Lookup) (trojan.rules)
2025305 - ET TROJAN [Flashpoint] Possible CVE-2018-4878 Check-in (trojan.rules)

Pro:

2829533 - ETPRO EXPLOIT Adobe Flash Request Retrieving XOR Key (associated with CVE-2018-4878) (exploit.rules)
2829534 - ETPRO TROJAN Group123 Encoded ROKRAT Payload (Observed with CVE-2018-4878) (trojan.rules)
2829535 - ETPRO POLICY Possible ROKRAT SSL Certificate Observed (policy.rules)
2829537 - ETPRO TROJAN VBS.ARS Plugin Report (trojan.rules)
2829538 - ETPRO TROJAN VBS.ARS Password Stealer Plugin Report (trojan.rules)
2829539 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC) (trojan.rules)
2829540 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant Downloader) (trojan.rules)
2829541 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant Downloader M2) (trojan.rules)
2829542 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-02 1) (trojan.rules)
2829543 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-02 2) (trojan.rules)
2829544 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-02 3) (trojan.rules)

[///]     Modified active rules:     [///]

2012906 - ET WEB_CLIENT Download of PDF With Uncompressed Flash Content flowbit set (web_client.rules)
2828385 - ETPRO CURRENT_EVENTS Chalbhai Phishing Landing Oct 23 2017 (current_events.rules)

[---]         Removed rules:         [---]

2829525 - ETPRO CURRENT_EVENTS Possible Wells Fargo Phishing Landing - Title over non SSL 2018-02-01 (current_events.rules)

Date:
Summary title:
16 new Open, 27 new Pro (16 + 11). Backdoor.Elise, ROKRAT, VBS.ARS, Various Phishing.