Daily Ruleset Update Summary 2018/04/05

[***]            Summary:            [***]

7 new Open, 27 new Pro (7 + 20). OSX/OceanLotus.D, Win32/InnaputRAT, W32/PinoRAT, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025462 - ET TROJAN Win32/InnaputRAT CnC DNS Lookup (ninjagames .top) (trojan.rules)
2025463 - ET TROJAN Win32/InnaputRAT CnC DNS Lookup (ajdhsfhiudsfhsi .top) (trojan.rules)
2025464 - ET TROJAN OSX/OceanLotus.D Sending Data to CnC (trojan.rules)
2025465 - ET TROJAN OSX/OceanLotus.D Requesting Commands from CnC (trojan.rules)
2025466 - ET TROJAN OSX/OceanLotus.D CnC DNS Lookup (ssl .arkouthrie .com) (trojan.rules)
2025467 - ET TROJAN OSX/OceanLotus.D CnC DNS Lookup (s3 .hiahornber .com) (trojan.rules)
2025468 - ET TROJAN OSX/OceanLotus.D CnC DNS Lookup (widget .shoreoa .com) (trojan.rules)

Pro:

2830264 - ETPRO CURRENT_EVENTS Successful Blackboard Phish 2018-04-04 (current_events.rules)
2830265 - ETPRO CURRENT_EVENTS Successful BT Phish 2018-04-04 (current_events.rules)
2830266 - ETPRO POLICY External IP Lookup Domain (lulusoft .com) (policy.rules)
2830267 - ETPRO TROJAN W32/PinoRAT C2 HTTP Pattern (trojan.rules)
2830268 - ETPRO CURRENT_EVENTS Observed MalDoc Payload Domain 2018-04-05 (www.obacold .com in TLS SNI) (current_events.rules)
2830269 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-04-05 M1 (current_events.rules)
2830270 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-04-05 M2 (current_events.rules)
2830271 - ETPRO TROJAN Win32/Rarog CnC Conn Check (trojan.rules)
2830272 - ETPRO CURRENT_EVENTS Successful Made in China Phish 2018-04-05 (current_events.rules)
2830273 - ETPRO TROJAN Malicious Domain Panda Banker (oldsinedtdin .com in TLS SNI) (trojan.rules)
2830274 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-05 1) (trojan.rules)
2830275 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-05 2) (trojan.rules)
2830276 - ETPRO TROJAN Observed Malicious SSL Cert (RevCode RAT CnC) (trojan.rules)
2830277 - ETPRO TROJAN Observed RevCode RAT CnC Domain (netposter .wm01 .to in TLS SNI) (trojan.rules)
2830278 - ETPRO TROJAN MSIL/SquirtStealer C2 Init Via WCF (trojan.rules)
2830279 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-05) (trojan.rules)
2830280 - ETPRO TROJAN Observed MalDoc DL 2018-04-05 Domain (tous1site .name in TLS SNI) (trojan.rules)
2830281 - ETPRO TROJAN Observed MalDoc DL 2018-04-05 2 Domain (goblin-investment .000webhostapp .com in TLS SNI) (trojan.rules)
2830282 - ETPRO CURRENT_EVENTS Successful Generic Phish - 302 to Google Redirect 2018-04-05 (current_events.rules)
2830283 - ETPRO CURRENT_EVENTS Possible Evil Redirect via bit .ly (Observed in MalDoc Campaigns) (current_events.rules)

[///]     Modified active rules:     [///]

2024452 - ET TROJAN Quant Loader Download Request (trojan.rules)
2025005 - ET CURRENT_EVENTS Possible Successful Generic Phish Jan 14 2016 (current_events.rules)
2815249 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2015-12-08 M3 (current_events.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
2827590 - ETPRO TROJAN Win32/Rarog CnC Checkin (trojan.rules)
2827591 - ETPRO TROJAN Win32/Rarog CnC Communications (trojan.rules)
2827593 - ETPRO TROJAN Win32/Rarog Requesting Update (trojan.rules)
2827983 - ETPRO CURRENT_EVENTS Successful Generic Phish Sep 18 2017 (current_events.rules)
2828458 - ETPRO TROJAN W32/Rarog CnC Checkin M2 (trojan.rules)

[///]    Modified inactive rules:    [///]

2830130 - ETPRO TROJAN Win32/APosT.cxt CnC Beacon (trojan.rules)

Date: Thursday, April 5, 2018 - 00:00