Daily Ruleset Update Summary 2018/05/09

[***]            Summary:            [***]

6 new Open, 31 new Pro (6 + 25). URLZone, Win32.Wakme, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2025568 - ET CURRENT_EVENTS Netflix Phishing Landing 2018-05-09 (current_events.rules)
2025569 - ET CURRENT_EVENTS Netflix Phishing Landing 2018-05-09 (current_events.rules)
2025570 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-05-09 (current_events.rules)
2025571 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-05-09 (current_events.rules)
2025572 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-05-09 (current_events.rules)
2025573 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-05-09 (current_events.rules)

Pro:

2830756 - ETPRO TROJAN W32/Unknown.Loader Starting VNC Module (trojan.rules)
2830757 - ETPRO CURRENT_EVENTS W32/Unknown.Loader Communicating with CnC (current_events.rules)
2830758 - ETPRO TROJAN URLZone C2 Domain (conishiret .com in DNS Lookup) (trojan.rules)
2830759 - ETPRO TROJAN URLZone C2 Domain (conishiret .com in TLS SNI) (trojan.rules)
2830760 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-09) (current_events.rules)
2830761 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC) (trojan.rules)
2830763 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC) (trojan.rules)
2830764 - ETPRO TROJAN SSL/TLS Certificate Observed (Ursnif) (trojan.rules)
2830765 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon (mobile_malware.rules)
2830766 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2018-05-09 (current_events.rules)
2830767 - ETPRO CURRENT_EVENTS Successful Mercado Pago Phish 2018-05-09 (current_events.rules)
2830768 - ETPRO TROJAN Win32.Wakme Checkin (trojan.rules)
2830769 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-09 1) (trojan.rules)
2830770 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-09 2) (trojan.rules)
2830771 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-09 3) (trojan.rules)
2830772 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-09 4) (trojan.rules)
2830773 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-09 5) (trojan.rules)
2830774 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-09 6) (trojan.rules)
2830775 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-09 7) (trojan.rules)
2830776 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-09 8) (trojan.rules)
2830777 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-09 9) (trojan.rules)
2830778 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-09 10) (trojan.rules)
2830779 - ETPRO CURRENT_EVENTS Successful Netflix Phish M1 2018-05-09 (current_events.rules)
2830780 - ETPRO CURRENT_EVENTS Successful Netflix Phish M2 2018-05-09 (current_events.rules)
2830781 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-05-09 (current_events.rules)

[///]     Modified active rules:     [///]

2018635 - ET TROJAN Common Upatre Header Structure 2 (trojan.rules)
2825151 - ETPRO CURRENT_EVENTS Successful Bank of America Phish (set) Feb 27 2016 (current_events.rules)

[---]         Removed rules:         [---]

2830731 - ETPRO MALWARE W32/JbossMiner Checkin (malware.rules)

Date: Wednesday, May 9, 2018 - 00:00