Daily Ruleset Update Summary
Daily Ruleset Update Summary 2018/08/02

[***]            Summary:            [***]

25 new Open, 55 new Pro (25 + 30). NSO Domains, JS/BrushaLoader, Various Phish.

[+++]          Added rules:          [+++]

Open:

2025932 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-08-01 (current_events.rules)
2025933 - ET MOBILE_MALWARE NSO Related Domain 1 (mobile_malware.rules)
2025934 - ET MOBILE_MALWARE NSO Related Domain 2 (mobile_malware.rules)
2025935 - ET MOBILE_MALWARE NSO Related Domain 3 (mobile_malware.rules)
2025936 - ET MOBILE_MALWARE NSO Related Domain 4 (mobile_malware.rules)
2025937 - ET MOBILE_MALWARE NSO Related Domain 5 (mobile_malware.rules)
2025938 - ET MOBILE_MALWARE NSO Related Domain 6 (mobile_malware.rules)
2025939 - ET MOBILE_MALWARE NSO Related Domain 7 (mobile_malware.rules)
2025940 - ET MOBILE_MALWARE NSO Related Domain 8 (mobile_malware.rules)
2025941 - ET MOBILE_MALWARE NSO Related Domain 9 (mobile_malware.rules)
2025942 - ET MOBILE_MALWARE NSO Related Domain 10 (mobile_malware.rules)
2025943 - ET MOBILE_MALWARE NSO Related Domain 11 (mobile_malware.rules)
2025944 - ET MOBILE_MALWARE NSO Related Domain 12 (mobile_malware.rules)
2025945 - ET MOBILE_MALWARE NSO Related Domain 13 (mobile_malware.rules)
2025946 - ET MOBILE_MALWARE NSO Related Domain 14 (mobile_malware.rules)
2025947 - ET MOBILE_MALWARE NSO Related Domain 15 (mobile_malware.rules)
2025948 - ET MOBILE_MALWARE NSO Related Domain 16 (mobile_malware.rules)
2025949 - ET MOBILE_MALWARE NSO Related Domain 17 (mobile_malware.rules)
2025950 - ET MOBILE_MALWARE NSO Related Domain 18 (mobile_malware.rules)
2025951 - ET MOBILE_MALWARE NSO Related Domain 19 (mobile_malware.rules)
2025952 - ET MOBILE_MALWARE NSO Related Domain 20 (mobile_malware.rules)
2025953 - ET MOBILE_MALWARE NSO Related Domain 21 (mobile_malware.rules)
2025954 - ET MOBILE_MALWARE NSO Related Domain 22 (mobile_malware.rules)
2025955 - ET MOBILE_MALWARE NSO Related Domain 24 (mobile_malware.rules)

Pro:

2832042 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-08-01 (current_events.rules)
2832043 - ETPRO CURRENT_EVENTS Successful Personalized Phish 2017-08-01 (current_events.rules)
2832044 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2018-08-01 (current_events.rules)
2832045 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-08-01 (current_events.rules)
2832046 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-08-01 (current_events.rules)
2832047 - ETPRO TROJAN Observed Malicious SSL Cert (Hawkeye Keylogger CnC) (trojan.rules)
2832048 - ETPRO CURRENT_EVENTS JS/BrushaLoader Successful CnC Checkin Response (current_events.rules)
2832049 - ETPRO CURRENT_EVENTS VBS Executing Base64 Encoded PowerShell Command Inbound (current_events.rules)
2832050 - ETPRO TROJAN Observed Malicious SSL Cert (JS/BrushaLoader CnC Domain) (trojan.rules)
2832051 - ETPRO TROJAN JS/BrushaLoader CnC Domain in SNI (trojan.rules)
2832052 - ETPRO INFO Possible System Enumeration via PowerShell over TCP (IPv4 Regex) (info.rules)
2832053 - ETPRO INFO Possible System Enumeration via PowerShell over TCP (Win32 Get-WmiObject) (info.rules)
2832054 - ETPRO INFO Possible System Enumeration via PowerShell over TCP (OSVersion.Version) (info.rules)
2832055 - ETPRO INFO Possible System Enumeration via PowerShell over TCP (GetCurrent User) (info.rules)
2832056 - ETPRO INFO Possible System Enumeration via PowerShell over TCP (AntiVirus Query) (info.rules)
2832057 - ETPRO CURRENT_EVENTS JS/BrushaLoader CnC Checkin (current_events.rules)
2832058 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (20b13) (current_events.rules)
2832059 - ETPRO USER_AGENTS Win32/Small.NNX UA (System_Agent) (user_agents.rules)
2832060 - ETPRO TROJAN Control Miner CnC Checkin (trojan.rules)
2832061 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt CnC) (trojan.rules)
2832062 - ETPRO TROJAN Cobalt Group SSL/TLS Certificate Observed (trojan.rules)
2832063 - ETPRO TROJAN MSIL/xAccess CnC Checkin/Activity (trojan.rules)
2832064 - ETPRO POLICY Hola VPN IP Check (lumtest .com) (policy.rules)
2832065 - ETPRO POLICY Hola VPN IP Check (hola .org) (policy.rules)
2832066 - ETPRO POLICY Possible IP Check (myip.json in URI) (policy.rules)
2832067 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-02 1) (trojan.rules)
2832068 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-02 2) (trojan.rules)
2832069 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-02 3) (trojan.rules)
2832070 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-02 4) (trojan.rules)
2832071 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-02 5) (trojan.rules)

[///]     Modified active rules:     [///]

2823044 - ETPRO TROJAN W32.Dreambot Checkin (trojan.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2832033 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-01 1) (trojan.rules)

Date:
Summary title:
25 new Open, 55 new Pro (25 + 30). NSO Domains, JS/BrushaLoader, Various Phish.