Daily Ruleset Update Summary 2018/02/14

[***]            Summary:            [***]

4 new Open, 23 new Pro (4 + 19). Hworm/Houdini, Win32/ASPC, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025355 - ET CURRENT_EVENTS Dropbox Phishing Landing 2018-02-14 (current_events.rules)
2025356 - ET CURRENT_EVENTS Linkedin Phishing Landing 2018-02-14 (current_events.rules)
2025357 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-02-14 (current_events.rules)
2025358 - ET MALWARE Rogue.WinPCDefender Checkin (malware.rules)

Pro:

2829657 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829658 - ETPRO TROJAN Observed APT28 Domain in SNI (trojan.rules)
2829659 - ETPRO TROJAN Hworm/Houdini DNS Lookup M1 (trojan.rules)
2829660 - ETPRO TROJAN Hworm/Houdini DNS Lookup M2 (trojan.rules)
2829661 - ETPRO TROJAN Win32/ASPC Bot CnC Checkin (trojan.rules)
2829662 - ETPRO TROJAN Win32/ASPC Bot CnC Checkin 2 (trojan.rules)
2829663 - ETPRO CURRENT_EVENTS Successful Dropbox Business Phish 2018-02-14 (current_events.rules)
2829664 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-02-14 M1 (current_events.rules)
2829665 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-02-14 M2 (current_events.rules)
2829666 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-02-14 M3 (current_events.rules)
2829667 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M1 (current_events.rules)
2829668 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M2 (current_events.rules)
2829669 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M3 (current_events.rules)
2829670 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M4 (current_events.rules)
2829671 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-02-14 (current_events.rules)
2829672 - ETPRO CURRENT_EVENTS Successful LastPass Phish 2018-02-14 (current_events.rules)
2829673 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-14 1) (trojan.rules)
2829674 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-14 2) (trojan.rules)
2829675 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-14 3) (trojan.rules)

[///]     Modified active rules:     [///]

2025331 - ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) (policy.rules)
2823674 - ETPRO TROJAN W32/Quasar 1.3 RAT MiscHandler HTTP Pattern (trojan.rules)
2827239 - ETPRO TROJAN MSIL/TopherMiner PWS CnC Checkin M2 (trojan.rules)
2829259 - ETPRO MALWARE MSIL/AdFraudClicker Activity (malware.rules)
2829407 - ETPRO TROJAN Mirai Variant DNS Lookup M1 (trojan.rules)
2829408 - ETPRO TROJAN Mirai Variant DNS Lookup M2 (trojan.rules)
2829409 - ETPRO TROJAN Mirai Variant DNS Lookup M3 (trojan.rules)
2829410 - ETPRO TROJAN Mirai Variant DNS Lookup M4 (trojan.rules)
2829411 - ETPRO TROJAN Mirai Variant DNS Lookup M5 (trojan.rules)
2829412 - ETPRO TROJAN Mirai Variant DNS Lookup M6 (trojan.rules)
2829413 - ETPRO TROJAN Mirai Variant DNS Lookup M7 (trojan.rules)
2829414 - ETPRO TROJAN Mirai Variant DNS Lookup M8 (trojan.rules)
2829415 - ETPRO TROJAN Mirai Variant DNS Lookup M9 (trojan.rules)
2829416 - ETPRO TROJAN Mirai Variant DNS Lookup M10 (trojan.rules)
2829417 - ETPRO TROJAN Mirai Variant DNS Lookup M11 (trojan.rules)
2829418 - ETPRO TROJAN Mirai Variant DNS Lookup M12 (trojan.rules)
2829419 - ETPRO TROJAN Mirai Variant DNS Lookup M13 (trojan.rules)
2829420 - ETPRO TROJAN Mirai Variant DNS Lookup M14 (trojan.rules)
2829421 - ETPRO TROJAN Mirai Variant DNS Lookup M15 (trojan.rules)
2829422 - ETPRO TROJAN Mirai Variant DNS Lookup M16 (trojan.rules)

Date: Wednesday, February 14, 2018 - 00:00