Daily Ruleset Update Summary 2018/03/20

[***]            Summary:            [***]

28 new Pro. URLZone, MSIL/PCsinfect Stealer, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Pro:

2830050 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC) (trojan.rules)
2830051 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC) (trojan.rules)
2830052 - ETPRO TROJAN URLZone C2 Domain (donobiran .com in DNS Lookup) (trojan.rules)
2830053 - ETPRO TROJAN URLZone C2 Domain (wetareska .com in DNS Lookup) (trojan.rules)
2830054 - ETPRO TROJAN URLZone C2 Domain (donobiran .com in TLS SNI) (trojan.rules)
2830055 - ETPRO TROJAN URLZone C2 Domain (wetareska .com in TLS SNI) (trojan.rules)
2830056 - ETPRO TROJAN Malicious PS Dropper Domain (dns .bhonta .com in DNS Lookup) (trojan.rules)
2830057 - ETPRO POLICY External IP Lookup Domain (wsgeoip.pdfsam.org) (policy.rules)
2830058 - ETPRO TROJAN Malicious PS Dropper Domain (dns .bhonta .com in TLS SNI) (trojan.rules)
2830059 - ETPRO TROJAN Win32/Prilex DNS Lookup (trojan.rules)
2830060 - ETPRO TROJAN MSIL/PCsinfect Stealer CnC Checkin 1 (trojan.rules)
2830061 - ETPRO TROJAN MSIL/PCsinfect Stealer CnC Checkin 2 (trojan.rules)
2830062 - ETPRO TROJAN Android/TrojanSMS.Agent.CSN DNS Lookup (trojan.rules)
2830063 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc Download 2018-03-20) (current_events.rules)
2830064 - ETPRO TROJAN Cobalt Group C2 Domain (aws-software .com in DNS Lookup) (trojan.rules)
2830065 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-03-20 (current_events.rules)
2830066 - ETPRO TROJAN Cobalt Group C2 Domain (aws-software .com in TLS SNI) (trojan.rules)
2830067 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-03-20 2 (current_events.rules)
2830068 - ETPRO CURRENT_EVENTS Successful ING Direct Phish 2018-03-20 (current_events.rules)
2830069 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2018-03-20 (current_events.rules)
2830070 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-03-20 (current_events.rules)
2830071 - ETPRO CURRENT_EVENTS Successful UBS Phish 2018-03-20 (current_events.rules)
2830072 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-20 1) (trojan.rules)
2830073 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-20 2) (trojan.rules)
2830074 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-20 3) (trojan.rules)
2830075 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-20 4) (trojan.rules)
2830076 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-20 5) (trojan.rules)
2830077 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-20 6) (trojan.rules)

[+++]  Enabled and modified rules:   [+++]

2019094 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks Initial (POST) (current_events.rules)

[///]     Modified active rules:     [///]

2830032 - ETPRO USER_AGENTS Win32/Agent.xxxyeb Downloader (user_agents.rules)

Date: Tuesday, March 20, 2018 - 00:00