[***]            Summary:            [***]

6 new Open, 26 new Pro (6 + 20). Ursnif Socks Proxy, Remcos RAT, Emotet Certificate, Various Mobile, Various Phishing.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2025443 - ET CURRENT_EVENTS IRS Phishing Landing 2018-03-28 (current_events.rules)
2025444 - ET TROJAN [PTsecurity] Ursnif Socks Proxy Check-in (trojan.rules)
2025445 - ET TROJAN [PTsecurity] Ursnif Socks5 Proxy Connection (trojan.rules)
2025446 - ET POLICY DNS Query to .onion proxy Domain (onion .sx) (policy.rules)
2025447 - ET CURRENT_EVENTS Chase Phishing Landing 2018-03-28 (current_events.rules)
2025448 - ET CURRENT_EVENTS Impots Phishing Landing 2018-03-28 (current_events.rules)

Pro:

2830155 - ETPRO TROJAN Remcos RAT Checkin 11 (trojan.rules)
2830156 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2018-03-27 (current_events.rules)
2830157 - ETPRO CURRENT_EVENTS Successful IRS Phish 2018-03-28 (current_events.rules)
2830158 - ETPRO CURRENT_EVENTS Successful Apple ID Phish 2018-03-28 (current_events.rules)
2830159 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-03-28) (current_events.rules)
2830160 - ETPRO CURRENT_EVENTS Observed MalDoc Payload Domain (fitmensguide. com in TLS SNI 2018-03-28) (current_events.rules)
2830161 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2018-03-28 (current_events.rules)
2830162 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-03-28 M1 (current_events.rules)
2830163 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-03-28 M2 (current_events.rules)
2830164 - ETPRO CURRENT_EVENTS Successful Impots Phish 2018-03-28 M1 (current_events.rules)
2830165 - ETPRO CURRENT_EVENTS Successful Impots Phish 2018-03-28 M2 (current_events.rules)
2830166 - ETPRO TROJAN Remcos RAT Checkin 12 (trojan.rules)
2830167 - ETPRO MALWARE Win32/InstallCore.Gen.A Checkin (malware.rules)
2830168 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-28 1) (trojan.rules)
2830169 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-28 2) (trojan.rules)
2830170 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-28 3) (trojan.rules)
2830171 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-28 4) (trojan.rules)
2830172 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-28 5) (trojan.rules)
2830173 - ETPRO TROJAN Emotet Certificate Observed M1 (trojan.rules)
2830174 - ETPRO TROJAN Emotet Certificate Observed M2 (trojan.rules)

[///]     Modified active rules:     [///]

2015028 - ET TROJAN Cridex Post to CnC (trojan.rules)
2821683 - ETPRO SCADA DNP3 Cold Restart (scada.rules)
2829891 - ETPRO TROJAN PLEAD TScookie CnC Checkin (trojan.rules)
2830148 - ETPRO TROJAN MSIL/BackdoorAgent.BBT CnC Checkin (trojan.rules)

Date: Wednesday, March 28, 2018 - 00:00