Daily Ruleset Update Summary 2018/08/30

[***]            Summary:            [***]

30 new Open, 55 new Pro (30 + 25). MSIL/PsiXBot, Fallout EK Landing, Various Phish, Mobile.

[+++]          Added rules:          [+++]

Open:

2026041 - ET CURRENT_EVENTS Generic Chalbhai Phishing Landing 2018-08-30 (current_events.rules)
2026042 - ET CURRENT_EVENTS Generic Chalbhai Phishing Landing 2018-08-30 (current_events.rules)
2026043 - ET CURRENT_EVENTS Generic AES Phishing Landing 2018-08-30 (current_events.rules)
2026044 - ET CURRENT_EVENTS Hellion Postmaster Phishing Landing 2018-08-30 (current_events.rules)
2026045 - ET CURRENT_EVENTS Microsoft Document Phishing Landing 2018-08-30 (current_events.rules)
2026046 - ET CURRENT_EVENTS Generic Multi-Email Phishing Landing 2018-08-30 (current_events.rules)
2026047 - ET CURRENT_EVENTS Generic Multi-Email Phishing Landing 2018-08-30 (current_events.rules)
2026048 - ET CURRENT_EVENTS Generic Multi-Email Phishing Landing 2018-08-30 (current_events.rules)
2026049 - ET CURRENT_EVENTS Apple AES Phishing Landing 2018-08-30 (current_events.rules)
2026050 - ET CURRENT_EVENTS Stripe Phishing Landing 2018-08-30 (current_events.rules)
2026051 - ET CURRENT_EVENTS Adobe PDF Phishing Landing 2018-08-30 (current_events.rules)
2026052 - ET CURRENT_EVENTS Google Docs Phishing Landing 2018-08-30 (current_events.rules)
2026053 - ET CURRENT_EVENTS WeTransfer Phishing Landing 2018-08-30 (current_events.rules)
2026054 - ET CURRENT_EVENTS Bank of America Phishing Landing 2018-08-30 (current_events.rules)
2026055 - ET CURRENT_EVENTS Bank of America Phishing Landing 2018-08-30 (current_events.rules)
2026056 - ET CURRENT_EVENTS Generic Mailbox Phishing Landing 2018-08-30 (current_events.rules)
2026057 - ET CURRENT_EVENTS Generic Mailbox Phishing Landing 2018-08-30 (current_events.rules)
2026058 - ET CURRENT_EVENTS Dropbox Phishing Landing 2018-08-30 (current_events.rules)
2026059 - ET CURRENT_EVENTS Linkedin Phishing Landing 2018-08-30 (current_events.rules)
2026060 - ET CURRENT_EVENTS AT&T Phishing Landing 2018-08-30 (current_events.rules)
2026061 - ET CURRENT_EVENTS Generic PhishKit Author Comment M1 2018-08-30 (current_events.rules)
2026062 - ET CURRENT_EVENTS Generic PhishKit Author Comment M2 2018-08-30 (current_events.rules)
2026063 - ET CURRENT_EVENTS Generic PhishKit Author Comment M3 2018-08-30 (current_events.rules)
2026064 - ET CURRENT_EVENTS Generic PhishKit Author Comment M4 2018-08-30 (current_events.rules)
2026065 - ET CURRENT_EVENTS Generic PhishKit Author Comment M5 2018-08-30 (current_events.rules)
2026066 - ET CURRENT_EVENTS Generic PhishKit Author Comment M6 2018-08-30 (current_events.rules)
2026067 - ET CURRENT_EVENTS Generic PhishKit Author Comment M7 2018-08-30 (current_events.rules)
2026068 - ET CURRENT_EVENTS Generic PhishKit Author Comment M8 2018-08-30 (current_events.rules)
2026069 - ET CURRENT_EVENTS Generic PhishKit Author Comment M9 2018-08-30 (current_events.rules)
2026070 - ET CURRENT_EVENTS Generic PhishKit Author Comment M10 2018-08-30 (current_events.rules)

Pro:

2832387 - ETPRO TROJAN MSIL/PsiXBot CnC Activity (trojan.rules)
2832388 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (current_events.rules)
2832389 - ETPRO POLICY External IP Lookup Service (sohu .com cityjson) (policy.rules)
2832390 - ETPRO MALWARE Win32/FlyStudio Variant CnC Checkin (malware.rules)
2832391 - ETPRO CURRENT_EVENTS Fallout EK Landing Aug 2018 (current_events.rules)
2832392 - ETPRO USER_AGENTS Suspicious UA (artifact) (user_agents.rules)
2832393 - ETPRO POLICY External IP Lookup Service (appzt .cn) (policy.rules)
2832394 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 379 (mobile_malware.rules)
2832395 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 380 (mobile_malware.rules)
2832396 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 381 (mobile_malware.rules)
2832397 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Campys.a Checkin (mobile_malware.rules)
2832398 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Campys.a CnC Beacon (mobile_malware.rules)
2832399 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Campys.a CnC Beacon 2 (mobile_malware.rules)
2832400 - ETPRO MOBILE_MALWARE Android/Obfus.IQ Checkin (mobile_malware.rules)
2832401 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 382 (mobile_malware.rules)
2832402 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 383 (mobile_malware.rules)
2832403 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 384 (mobile_malware.rules)
2832404 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 385 (mobile_malware.rules)
2832405 - ETPRO TROJAN W32.TaiHaoLe Checkin (trojan.rules)
2832406 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-30 1) (trojan.rules)
2832407 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-30 2) (trojan.rules)
2832408 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-30 3) (trojan.rules)
2832409 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-30 4) (trojan.rules)
2832410 - ETPRO CURRENT_EVENTS Fallout EK Landing 2018-08-30 M1 (current_events.rules)
2832411 - ETPRO CURRENT_EVENTS Fallout EK Landing 2018-08-30 M2 (current_events.rules)

[///]     Modified active rules:     [///]

2022550 - ET CURRENT_EVENTS Possible Malicious Macro DL EXE Feb 2016 (current_events.rules)

Date: Thursday, August 30, 2018 - 00:00