[***]            Summary:            [***]

23 new Pro. SocEng Redirect, MSIL/Unk.BroswerStealer, Various Phish, Mobile.

[+++]          Added rules:          [+++]

2831859 - ETPRO TROJAN Powershell Commands Determining OS and Downloading Additional Powershell (trojan.rules)
2831860 - ETPRO TROJAN Zeus Panda SSL/TLS Certificate Observed (trojan.rules)
2831861 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (846bd) (current_events.rules)
2831862 - ETPRO CURRENT_EVENTS Successful Generic Res Phish 2018-07-18 (current_events.rules)
2831863 - ETPRO TROJAN Win32/Troibomb.B CnC Beacon (trojan.rules)
2831864 - ETPRO CURRENT_EVENTS Successful Made in China Phish 2018-07-18 (current_events.rules)
2831865 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-18 (current_events.rules)
2831866 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-18 (current_events.rules)
2831867 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-18 (current_events.rules)
2831868 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2018-07-18 (current_events.rules)
2831869 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-18 (current_events.rules)
2831870 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-18 (current_events.rules)
2831871 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-07-18 (current_events.rules)
2831872 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-07-18 (current_events.rules)
2831873 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-18 1) (trojan.rules)
2831874 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-18 2) (trojan.rules)
2831875 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-18 3) (trojan.rules)
2831876 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-18 4) (trojan.rules)
2831877 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-18 5) (trojan.rules)
2831878 - ETPRO TROJAN MSIL/Unk.BroswerStealer CnC Exfil (trojan.rules)
2831879 - ETPRO MOBILE_MALWARE Android Riskware ComicDim CnC Beacon (mobile_malware.rules)
2831880 - ETPRO MOBILE_MALWARE Android.Trojan.PjApps.A CnC Beacon (mobile_malware.rules)
2831881 - ETPRO MOBILE_MALWARE PUP Android/Autoins.C CnC Beacon (mobile_malware.rules)

[///]     Modified active rules:     [///]

2021697 - ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious (trojan.rules)
2025392 - ET TROJAN QRat.Java.RAT Checkin Response (trojan.rules)
2025719 - ET POLICY Powershell Activity Over SMB - Likely Lateral Movement (policy.rules)
2025720 - ET POLICY Powershell Command With Hidden Window Argument Over SMB - Likely Lateral Movement (policy.rules)
2025721 - ET POLICY Powershell Command With Encoded Argument Over SMB - Likely Lateral Movement (policy.rules)
2025722 - ET POLICY Powershell Command With No Profile Argument Over SMB - Likely Lateral Movement (policy.rules)
2025723 - ET POLICY Powershell Command With Execution Bypass Argument Over SMB - Likely Lateral Movement (policy.rules)
2025724 - ET POLICY Powershell Command With NonInteractive Argument Over SMB - Likely Lateral Movement (policy.rules)
2025725 - ET POLICY RunDll Request Over SMB - Likely Lateral Movement (policy.rules)
2025726 - ET POLICY WMIC WMI Request Over SMB - Likely Lateral Movement (policy.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
2830811 - ETPRO TROJAN Possible Qbot SSL Cert (trojan.rules)
2831446 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (529a0) (current_events.rules)

[---]         Removed rules:         [---]

2022239 - ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious (trojan.rules)
2812818 - ETPRO TROJAN Backdoor.Telnneru CnC Beacon (INBOUND) 3 (trojan.rules)

Date: Tuesday, July 17, 2018 - 22:00