Daily Ruleset Update Summary 2018/03/08

[***]            Summary:            [***]

1 new Open, 22 new Pro (1 + 21). Donot Team YTY Framework, MSIL/XRoS, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025410 - ET CURRENT_EVENTS OneDrive Phishing Landing 2018-03-08 (current_events.rules)

Pro:

2829914 - ETPRO TROJAN Donot Team YTY Framework CnC Checkin (trojan.rules)
2829915 - ETPRO TROJAN Donot Team YTY Framework Requesting Commands from CnC (trojan.rules)
2829916 - ETPRO TROJAN Donot Team YTY Framework Uploading File to CnC (trojan.rules)
2829917 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829918 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829919 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829920 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829921 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829922 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829923 - ETPRO TROJAN Observed MSIL/XRoS CnC Domain in TLS SNI (trojan.rules)
2829924 - ETPRO TROJAN njRAT/Bladabindi Variant CnC Checkin (Microsoft|Windows) (trojan.rules)
2829925 - ETPRO TROJAN MSIL/MinerG8 CoinMiner CnC Response (trojan.rules)
2829926 - ETPRO TROJAN Observed Malicious Domain in TLS SNI (Steam PWS CnC) (trojan.rules)
2829927 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/DemonoMiner Retrieving Configs) (trojan.rules)
2829928 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-03-08 (current_events.rules)
2829929 - ETPRO CURRENT_EVENTS Successful Sharepoint Phish 2018-03-08 (current_events.rules)
2829930 - ETPRO CURRENT_EVENTS Successful Swiss Bankers Prepaid Services Phish 2018-03-08 (current_events.rules)
2829932 - ETPRO CURRENT_EVENTS Successful Generic Phish (set) 2018-03-08 (current_events.rules)
2829933 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-08 1) (trojan.rules)
2829934 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-08 2) (trojan.rules)
2829935 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-08 3) (trojan.rules)

Date: 
Thursday, March 8, 2018 - 00:00